Purpose: Cybersecurity capabilities must be designed to mitigate attacks and threats to key network and information systems, ensure continuity in service provision, and contribute to the security and effective functioning of economies and societies. The NIS2 seeks to strengthen the EU approach to this. Advances in artificial intelligence (AI) have revolutionised industries including Banking (FinTech), Law (RegTech), Insurance (InsureTech), Charities (CharityTech) and Health (HealthTech). The EU understands this and has therefore introduced the requirement for member states to embrace AI as a cybersecurity tool used to protect against and prevent cybersecurity attacks and threats. The purpose of this article is to review the NIS2 and the changes it makes to the European approach to cybersecurity, including the use of AI, and the implications for businesses subject to the new rules.
Design/methodology/approach: The subject is explored through an analysis of literature, European Union law and policy documentation. This article critically reviews a significant advent in European Cybersecurity and Technology Law: the advances created by the NIS2 Directive, which are considered alongside other key legislation that came into force in January 2023. In addition, the UK’s contrasting, evolving position is critically reviewed. The article concludes with several practical suggestions on the steps, if any, for businesses as at April 2023.
Findings: The NIS2 makes some significant inroads to close security gaps that existed in the EU cybersecurity-related legislative framework. Importantly, it creates a requirement for the use of AI in the EU’s cybersecurity defence armoury. Businesses need to undertake several steps in preparation for full implementation of the NIS2.
Originality: This research is original as it is amongst the first to review key advances made in EU Cybersecurity and Technology Law, and to contrast these with the UK position as at April 2023. It is also the first to discuss the likely powers of competent authorities, and the potential results of breaching other EU legislation such as the GDPR.