EU cybersecurity regulatory tsunami creates both compliance burdens and market opportunities
Executive summary: Experts debated the impact of the EU’s cybersecurity regulatory tsunami, covering NIS2, CER, DORA and CRA, at an Expansión roundtable moderated by Julia Gil. The directives impose new compliance costs and fines, but simultaneously open a growing market for cybersecurity products and services across the EU.
Who is involved: Moderator Julia Gil (Expansión Jurídico), cybersecurity experts, regulators and corporate representatives.
Likely next: Companies will accelerate spending on compliance tools and advisory services; regulators may issue further guidance and enforcement timelines.
A roundtable hosted by Expansión examined how the wave of EU directives—NIS2, CER, DORA and CRA—is reshaping cybersecurity obligations for businesses. Experts noted that while the rules raise the cost of non‑compliance, they also spur demand for security services, technology and consulting, especially for firms operating in essential and financial sectors.
Timeline
- — La IA provoca un cambio de escala del cibercrimen (Expansión)
- — Cómo generar oportunidades a partir del 'tsunami regulatorio' (Expansión)
- — Soberanía tecnológica europea, también para la ciberseguridad (Expansión)
Analysis — what this means
Sectors affected
- cybersecurity services
- EU critical infrastructure operators
- financial services subject to DORA
Regulatory implications
- EU cybersecurity directives NIS2, CER, DORA and CRA expand compliance scope and raise potential fines
Historical parallels
- GDPR implementation in 2018 introduced broad data‑protection obligations similar in scope to the new cybersecurity rules
Sources
Open the full interactive case file on Beyond →
Social Pulse
AI estimate · not scraped