Nu får det vara slutlekt : Cybersäkerhetskraven för privata aktörer i ljuset av NIS2-direktivet

Detta är en Uppsats för yrkesexamina på avancerad nivå från Stockholms universitet/Juridiska institutionen

Författare: Ellinor Dison; [2023]

Nyckelord: NIS2; digital infrastructure; digital providers; NIS; information security; cybersecurity; digitalization; essential entity; important entities; EU Regulation; EU Law; NIS2; digital infrastruktur; digitala leverantörer; NIS; EU-CyCLONe; informationssäkerhet; cybersäkerhet; digitalisering; väsentlig entitet; viktiga entiteter; EU-förordning; EU-rätt;

Sammanfattning: Cybersecurity threats have grown to become a global threat to private actors and states. While work processes are becoming more efficient, rapid technological developments are exposing network and information systems to vulnerabilities. The private sector plays a significant role in keeping the EU and Sweden safe in cyberspace since technological development is essentially controlled by private actors. When it comes to socially important activities, private actors both own and operate large parts of the market, which in turn means that attacks on private actors affecting trade secrets can pose a threat to market competition and economic prosperity. This thesis maps out how the EU has chosen to combat this with the NIS and NIS2 Directives. Specifically, this thesis maps out changes in cybersecurity requirements for private actors providing digital solutions in the light of NIS2. The previous NIS has shown to be inherently flawed with regards to the EU goal of achieving a high common level of security for network and information systems. The need for renewed legislation is therefore great and, as the investigation shows, NIS2 entails a change in the content, structure, and scope of important and essential entities. In short, the NIS2 Directive requires entities to perform their due diligence and document appropriate and proportionate measures based on an all-risk analysis. The increased and broadened requirements in NIS2, which are certainly justified by the increased cybersecurity threats, must also be weighed against an overly burdensome bureaucracy for authorities and private actors. In addition, this thesis analyzes the format of NIS2 and its potential impact on the internal market of the EU. Given the fact that it is a market regulation, a proportionality assessment is required in relation to the competitive disadvantages that an overly burdensome legislation may result in for private actors. At the same time, sanctions and enforcement measures must be sufficiently dissuasive. In conclusion, this thesis argues NIS2 to bring important changes, albeit still posing risks of further fragmenting the cybersecurity levels in the union due to the flexibility given to member states. However, NIS2 is a key step in the right direction towards achieving a high common level of cybersecurity across member states.

  HÄR KAN DU HÄMTA UPPSATSEN I FULLTEXT. (följ länken till nästa sida)