‘Cyber attacks are not hindered by national borders,’ says chief executive

Nearly three quarters of Airmic members have said the UK’s data protection and cyber security measures should match the European Union’s (EU).

A total of 73% of respondents said yes, 20% said not sure and 7% said no.

The UK currently uses the NIS1 Directive, which was first implemented in May 2018.

The EU, by contrast, uses the NIS2 Directive, which was adopted to address the limitations of NIS1.

Compared to NIS1, NIS2 places more importance on organisations proactively managing risks that are introduced by third parties.

Airmic’s chief executive Julia Graham said: “Cyber attacks are not hindered by national borders, so it is understandable that Airmic members are keen for the UK’s regulatory requirements on data protection and cyber security to match the EU’s post-Brexit.”

Labour government

Although the UK is not set to implement the EU’s NIS2 Directive, the new Labour government is planning its own reform of data protection and cyber security practices in the UK.

Hoe-Yeong Loke, head of research at Airmic, said: “A majority of Airmic members believe the UK should align with EU regulations, or at least be similar enough, to maintain the current adequacy decision for EU data to continue to be shared with businesses in the UK.

“Businesses that operate in the EU, or which process EU data, will need to comply with EU regulations.

“If the UK adopts similar requirements, it will make it easier for businesses and organisations to comply with both.”