Key legislation on critical and digital infrastructure have been introduced to strengthen the EU’s resilience against online and offline threats, from cyberattacks to crime, risks to public health or natural disasters.
The EU introduced a raft of cyber legislation recently, but only few of those initiatives have a direct impact on PGM industry. However, many might have indirect consequences for businesses.
Relevance for PGM industry
- It’s clear that cyber threats are of high relevance for businesses. The top cyber threats in 2022 and beyond included ransomware, malware, social engineering threats, threats against data, threats against availability of services or the internet, disinformation/misinformation, and supply-chain attacks.
- Proper cyber hygiene and strong controls should be considered valuable, not only to protect the business but also because a cyber event could increase regulatory scrutiny and litigation.
- Hypothetical scenario: In the future, it might be possible that in the energy sector certain hydrogen production facilities might be considered a critical infrastructure, potentially meaning that also their supply chain would come into focus of cyber protection regulation.
The following information is intended to better understand and navigate the EU Cyber Security regulation landscape.