Europe’s Dialogue on Internet Governance (EuroDIG) met the week of 19 June 2023 in Tampere, Finland, in a hybrid format featuring the overarching theme: “Internet in Troubled Times: Risks, Resilience, Hope” with sessions organized around those three areas.
IEEE SA organized a session under the resilience track focused on Europe’s Digital Transformation – Regulatory Challenges, Technical Impacts and Emerging Opportunities. On the panel were representatives from the user, technical, and policy and regulatory communities.
The session focused on the European Union’s (EU) digital services regulatory framework and digital transformation directives and the challenges they bring to companies, users, and the technical community.
The session also touched on the European Cyber Resilience Act (CRA), which aims to set boundary conditions for the development of secure products with digital elements. The goal of this Act is to ensure that hardware and software products are placed on the market with fewer vulnerabilities and that manufacturers take security seriously throughout a product’s life cycle. It also plans to create certification and compliance disclosure requirements for companies, letting users take cyber security into account when selecting and using products with digital elements.
The panel was composed of three speakers, each with a different view on EU regulation and its challenges:
Vittorio Bertola, providing the user perspective, discussed the difficulty of complying with all the conditions laid out in the directive, raising issues such as how much regulation is needed and how to balance regulation with industry’s needs. He noted the challenge of implementing numerous recent EU regulatory directives, such as the Digital Markets Act, and several directives on cyber security.
Peter Eberl added the regulatory perspective, noting the importance of establishing baseline cyber security criteria for products and services offered in the EU. In particular, commercial software and products are required to comply with privacy and data protection obligations under GDPR. Peter highlighted the value that this provides to consumers.
Stefano Zanero, an IEEE member from Region 8 and a professor of engineering at Polytechnic University of Milan, Italy, discussed the importance of acknowledging international standards and the role they play in supporting cross-border product opportunities and the value of implementing a certification program. He suggested that the EU could have products and services “marked” as compliant with their cyber security requirements.
The panelists concluded that cyber security centers more on risk management and the vulnerabilities faced than on related regulatory directives. The exact same software system in a different context can be perfectly adequate in terms of security or completely inadequate and vulnerable to threats.