The EU has completed its work on many new cybersecurity and digital legislations. These new requirements will start applying between 2025-2027. They will apply on products that have data interfaces including electronic and software components, devices, machinery and SaaS. In many industries, new requirements will also apply on purchasing, development and maintenance of a company’s all IT and OT systems, over all functions and business processes from R&D to production and services. Non-compliance can lead to substantial administrative fines. New regulations will impact all industry sectors via supply chain dependencies, including yours. Are you prepared for this change?

Users, integrators and manufacturers of IT and OT systems are impacted by cyber security risk management measures of EU national implementations of NIS2 directive. Additionally, the NIS2 implementing regulation with a much wider range of explicit cyber security risk management requirements impacts e.g. managed services providers, perhaps even integrators, and also SaaS providers even if they provision their services from outside EU.

Manufacturers of software and hardware products with data interfaces, including manufacturers products that are sold with the -as-a-Service business model (such as SaaS), who intend to continue sales in EU, are disruptively impacted and they will need to redesign their products and processes to some extent to conform with new applicable regulations for CE marking of products (Radio Equipment Directive 3(3)def, Machinery Regulation, Artificial Intelligence Act, Cyber Resilience Act) and regarding sharing of use data (Data Act).

Most companies have already embarked on their multi-year transformational journeys related to cyber security, but some companies are still unfortunately not even aware about the new requirements. Meanwhile EU is preparing to tackle internal market issues, created by increased regulatory complexity and geopolitics.

Agenda

Overview of regulatory landscape

• Regulatory schedule and administrative fines
• How come today’s products will become illegal to sell in EU
• How to quickly learn to read EU regulations

Issues faced by companies and possible solutions

• NIS2 directive and implementing regulation
• Radio Equipment Directive delegated acts 3(3)def
• Data Act
• Machinery Regulation
• Artificial Intelligence Act
• Cyber Resilience Act

Issues faced by EU due to these new regulations

How Etteplan supports customers in transforming into companies with secure-by-design products and operational systems

Q&A

Duration 30 minutes.

The host of the Cyber Security Regulations Update webinar series is Antti Tolvanen who has since 2019 been closely following up the changes in cyber security regulatory landscape in EU. In addition to working as Sales Director at Etteplan’s Software and Embedded Solutions business area, Antti is also helping Etteplan’s customers in identifying and initiating necessary investments to meet new regulatory cyber security requirements and create competitive advantage.