The Cyberwatching.eu team written this report, presenting the results of the analysis of the risk and recommendations on cybersecurity services from different angles, which include an update on the challenges of emerging technologies, in particular, Artificial Intelligence (AI) and Internet of Things (IoT) thereby resulting in a set of key recommendations covering the cybersecurity services landscape.
Cybersecurity services increasingly rely on the use of emerging technologies, such as AI and IoT. However, new EU legislation often comes with a challenging implementation period, during which European Member States must, efficiently and coherently, adapt their national laws to the requirements of the new piece of EU legislation.1 An example of such a challenge and changing environment is related to the difficulties of the COVID contact tracing apps to comply with the GDPR.
Due to this acknowledged challenge, EU institutions and agencies have looked into how these difficulties can be overcome. One example is through enforcement: consider the designated national authorities responsible for enforcing the terms of the GDPR2 and the Directive on Network and Information Security (NIS-D).3 However, both the GDPR and NIS-D provide additional challenges which are inherent to their domains of regulation, in particular where they are considered as applicable to innovative fields of technology, such as Emerging Technologies – the complexities and intrusive nature (in terms of personal data collection and further processing) of AI and IoT-based products and services create theoretical and practical issues when looking to enforce the obligations of the GDPR or NIS-D against technology service developers/providers and users.