CES Working Papers (Jan 2024)
The potential effects of recent EU cybersecurity and resilience regulations on cloud adoption and EU cyber resilience
Abstract
This paper delves into the potential impacts of the recently published Network and Information Security Directive 2 (NIS2) and Digital Operational Resilience Act (DORA) on EU cybersecurity resilience and cloud adoption. Employing a mixed method of descriptive literature review, narrative review, and thematic synthesis, we explore challenges for implementation, drawing from past data privacy regulations, notably the GDPR, which served as a basis for our analysis and has already significantly affected many organizations. We emphasize the need for efficient software solutions to assist organizations in complying with the new regulations, building upon lessons learned from the GDPR. Cloud service providers and enterprise software vendors are identified as key players to address these challenges. This paper discusses the paradox of organizations' historical reluctance to migrate to the cloud due to data privacy concerns, and how the motivation to comply with recent regulations may now drive increased modern cloud adoption.
