In 2024, we will see new cybersecurity legislation being implemented and technological developments following each other even faster. Being able to rely on the internet is crucial for companies and our society, and fending off cyber attacks competently is essential in this regard.
Ingolf Rauh, head of product and innovation management at Swisscom Trust Services, sees four trends to combat cyber threats and thus ensure trust in the digital world.
1 - New regulations: NIS2 and DORA
NIS2 (Network and Information Security 2) goes further than its predecessor by adopting a broader scope, stricter security standards and incident reporting requirements. The new legislation aims to harmonise cybersecurity requirements for critical infrastructures, while DORA (Digital Operational Resilience Act) emphasises operational resilience in the financial sector. In particular, both regulations hold broader supply chains accountable and establish obligations for software vendors. NIS2 is a directive that must be transposed into national law by October 2024. However, each EU country can implement the directive differently, creating challenges for multinationals such as banks.
On the other hand, DORA is an EU regulation that is expected to take immediate effect in member states in 2025. DORA focuses on operational stability in the financial sector to withstand a cyber attack so that financial services remain available.
Companies should familiarize themselves with this new regulation early on, as non-compliance could cause problems, especially with regard to NIS2, where the audit competence in the Netherlands lies with the AFM. It has already been announced that compliance will be actively monitored. Article 46 of DORA implies that several authorities will monitor compliance - ideally the ECB.
2 - eIDAS 2.0 and EU digital wallets
In February 2024, the EU Parliament will vote on a regulation to introduce digital wallets. If the bill passes both the Parliament and the European Council, the regulation could come into force as early as spring 2024. The proposal states that all 27 member states should offer their citizens a digital wallet for electronic identification by 2026. By 2030, the European Commission wants 80% of the EU population to have such a wallet, but critics, including data protection advocates and security experts, worry about compromising the anonymous use of digital services.
3 - Digital signature is legally valid
The requirements of the eIDAS Regulation have been incorporated into the Civil Code in the Netherlands. This establishes a legal framework for so-called trust services such as an electronic signature. With the introduction of eIDAS, electronic signatures are accepted as legally valid evidence. An electronic signature not only speeds up a contract process, for example, but also saves a company costs. Electronic signatures are also as valid as handwritten signatures in almost all cases. Just make sure to use an advanced digital signature or a qualified electronic signature.
4 - Post-Quantum cryptography
Quantum computing regularly makes the news and the technology is approaching practical use. It is difficult to estimate when this superior computing power will become widely available, but it seems a matter of time. Once the technology is available, it will inevitably also fall into the wrong hands, allowing criminals to use it to crack encryption previously considered secure. Quantum computing enables the use of new algorithms, which significantly reduce the computation time for solving complex mathematical problems used in cryptography.
This means that new algorithms for encryption are needed that are complex enough to withstand attacks from quantum computers. IT security and trust service providers today need to design their hardware and software to incorporate new, quantum-resistant algorithms in the future.