Abstract
This study examines the synergies and conflicts among key EU cybersecurity regulations: the Digital Operational Resilience Act (DORA), Network and Information Security Directive (NIS2), Artificial Intelligence Act (AI-Act), General Data Protection Regulation (GDPR), and the Cyber Resilience Act (CR-Act). By conducting a comprehensive literature review and analysing case studies from the financial and healthcare sectors, the research identifies common goals and shared compliance requirements, such as risk management frameworks, incident reporting protocols, and security controls. The findings highlight significant synergies in enhancing cybersecurity resilience and protecting personal data, but also reveal conflicts in compliance timelines, definitions, and reporting requirements. To address these issues, the study proposes harmonizing regulatory requirements, enhancing regulatory guidance, and leveraging technology and innovation to streamline compliance efforts. This research provides insights for organizations navigating the complex regulatory landscape, aiming to optimize their cybersecurity practices and ensure regulatory compliance.
Recommended Citation
Correia, Anacleto and Gonçalves, António, "Regulatory Convergence and Divergence: A Study on the Synergies and Conflicts among Key Cybersecurity European Legislation" (2024). MCIS 2024 Proceedings. 4.
https://aisel.aisnet.org/mcis2024/4