Can we speak of a gap regarding the way cybersecurity is approached in the EU and in the US?
Do you think that the EU could be considered lagging a step behind as per what concern its approach(es)? The approach to cybersecurity is quite different between Brussels and Washington. One of the main differences is that the United States opted for a voluntary-reporting mechanism, calling for voluntary sharing of information on cyberattacks between business and government.
In Europe, instead, the proposed legislation set out clear compulsory requirements for companies to comply with, notably concerning preparedness and maintenance of networks; moreover, the scope of companies called for action includes operators in critical sectors other than ICT (energy, transports, banking, and healthcare).
Which are the pros and cons of each approach? And what these differences and inconsistencies will mean for trade deals and companies?