DISCUSSION: "Impact of European regulations on Slovakia"
The European Commission has significantly increased its legislative activity in recent years. Almost a decade has passed since the introduction of the first horizontal cybersecurity legislation, the NIS Directive. Its aim was to achieve a high level of cybersecurity across the EU, and it has succeeded. The NIS standard has even been successfully exported by the EU to third countries, as happened with the GDPR. The recent period has been rich in important legislative files: for example, the finalisation of the updated Network and Information Security Directive (NIS2), the implementation of the Cybersecurity Act (CSA) through ENISA's work on cybersecurity certification schemes, and the launch of the European Centre of Competence (ECCC) based in Bucharest. Last but not least, there is the proposal for a Cyber Resilience Act (CRA), focused on the security of IoT systems and regulating software and hardware products, which is currently being debated in the EU Council. Mention should also be made of the brand new April cybersecurity package, in which the European Commission presented a proposal for a Cyber Solidarity Act, aimed at building a resilient EU cybersecurity shield and providing rapid assistance to a country in need, as well as a proposal for a revision of the CSA to introduce certification schemes for managed security services. In addition to the files mentioned, there are others, particularly in sectoral areas.
Panelists will discuss whether our current legislative framework remains adequate to respond effectively to cybersecurity incidents, threats and trends. Are we "resting on our laurels"? The main debate should highlight where we actually stand with the level of cybersecurity and with related digital legislation containing cybersecurity elements. Is the EU capable of protecting critical infrastructure elements of the state and of industry? Are the current competences of the European institutions, bodies and agencies sufficient to act quickly, efficiently and transparently? Where are the current problems?
NIS2 and who will be "obligated" in healthcare

The NIS2 directive does not arrive directly, but via the national law on cybersecurity, and in healthcare it will tighten rules and accountability. It changes how obligated entities are determined and calls for sector-specific requirements that hospitals and clinics currently lack. Alongside legislation, the topic of centralized oversight and systematic education is also being raised.

The main change is that entities will no longer be identified by the "essential service" provided, but by NIS2 criteria. The key threshold is size: 50 or more employees and, at the same time, a balance sheet total over 10 million euros. Entities that are regulated today will remain regulated; they will simply be designated as essential. It is therefore not a revolution, but rather a refinement and expansion of the framework. There are also special cases under Article 3, such as the sole service provider in the territory of the state, or selected sectors such as trust services. In the annex for healthcare, in addition to healthcare providers, pharmaceutical manufacturers and European laboratories are also listed. The practical question of whether larger outpatient clinics or smaller polyclinics will be among the obligated entities will be assessed primarily according to these criteria. What is certain, however, is that entities regulated to date do not lose their obligations.