Review article

The Current and Developing Regulatory Framework of Information Security in the EU and the Republic of Croatia

Tihomir Katulić
Hrvoje Lisičar


page 25-51


Abstract

Information security involves ensuring the reliable, confidential and trustworthy operation of information systems and preserving the availability and reliability of data. Its framework and content are increasingly regulated by law. Research consistently shows that the number of attacks on information systems as well as data breaches is rising. Information security practices are no longer just a matter of recognised industrial self-regulation standards but are instead increasingly the focus of legislators in the European Union as well as in comparative law. In the last five years, the regulation of information security in the European Union has undergone significant changes and expansion through numerous regulations, directives and legislative proposals that are still under development. This paper provides an overview and basic analysis of the current positive legal framework for information security in the European Union and the Republic of Croatia from substantive and institutional aspects. Specific regulations containing provisions in the field of information security are listed chronologically, and de lege ferenda proposals are also considered.

Keywords

information security, NIS Directive, NIS2, Cybersecurity Act, GDPR

Hrčak ID:

318345

URI

https://hrcak.srce.hr/318345

Publication date:

26.6.2024.
