Filling Global Governance Gaps in Cybersecurity: International and European Legal Perspectives

The many recent cyber incidents have shown how cybersecurity has entered the realm of international relations. Several international organizations have taken cybersecurity policy initiatives, notably the United Nations (UN) and the European Union (EU). Both organizations aspire to a leading role in enhancing cybersecurity resilience. To date, however, these initiatives have not resulted in much regulation. This article examines which factors make lawmaking and the regulation of cybersecurity difficult at the international level, and whether some of these impediments are shared at the EU legislative level. Are difficulties in regulating cybersecurity embedded in the normative processes at the UN or the EU, or are they inherent to the high-tech phenomenon of cyber? As for the UN, the article looks at the work of the UN Group of Governmental Experts (GGE). While previous reports of the UN GGE seemed to point to an emerging international opinio furls, recent developments in the UN General Assembly (UNGA) show a strongly divided international community. At the EU level, the article discusses the two main legislative initiatives on cybersecurity that have seen the light of day: the 2016 Directive on Network and Information Security and the 2019 Regulation on the EU Cybersecurity Act.