UDC 340.134:[007:004.056(4-672EU)
Biblid: 1451-3188, 24 (2025)
Vol. 24, No 89, pp. 203-220
DOI: https://doi.org/10.18485/iipe_ez.2025.24.89.10

Original article
Received: 29 Jan 2025
Accepted: 12 Feb 2025

EU information security legal framework

Novaković Marko (Institut za međunarodnu politiku i privredu, Beograd), marko@diplomacy.bg.ac.rs
Vučić Mihajlo (Institut za međunarodnu politiku i privredu, Beograd), mihajlo@diplomacy.bg.ac.rs

In the modern digital age, the security of information systems and networks is the basis for the functioning of economic, social, and institutional structures. The European Union (EU) has recognised the importance of this area and developed a comprehensive legal framework that includes a number of directives and regulations with the aim of strengthening information security and resilience. This framework encompasses key acts such as the NIS2 Directive, which improves security standards and encourages cooperation between member states; the DORA Regulation, which deals with the management of digital risks in the financial sector; the CER Directive for the protection of critical infrastructures; as well as the CSA and CRA Regulations that define security standards for digital products and services. The paper analyses the existing EU legal framework, discusses its role in strengthening digital resilience, and examines the challenges in its implementation. Special attention is paid to the importance of these regulatory measures for the Republic of Serbia, which, as a candidate for EU membership, should harmonise its regulations with European standards. The implementation of the aforementioned directives and regulations represents not only a regulatory challenge but also an opportunity to improve national capacities in the field of information security.

Keywords: EU, information security, NIS2, DORA, CER, CSA, CRA