Cybersecurity Policies, Legislation and Practices in the EU
Our deepening reliance on digital solutions and cloud services and the acceleration of progress in the field of AI expose our societies to more, and ever-evolving, cybersecurity threats. These threats put the provision of critical services, the EU’s economies and even defence at risk. The European Institutions reacted with a strategy focused on increased technological sovereignty, operational capacity and international cooperation. This manifested on the one hand in massively increased investments (e.g. another EUR 1.3 billion earmarked recently for “artificial intelligence, cybersecurity, and digital skills development” in the DIGITAL Europe Programme 2025-2027) and on the other hand in a drastically evolving legislative environment.
The EU regulatory frameworks introduced in recent years (e.g. GDPR, NIS2 / EUI Regulation 2023/2841, Cyber Resilience Act, DORA) require cybersecurity risks to be evaluated and security controls to be implemented, and have expanded the scope of covered infrastructures. With these provisions in place, the number of actors involved in the cybersecurity ecosystem has considerably increased, and the ecosystem has become more interdisciplinary than ever. In order to plan and implement efficient security policies and to comply with the EU regulations, public authorities, organisations and professionals need to raise their cybersecurity awareness and develop the skills necessary to navigate this environment. For example, knowledge of the various cybersecurity standards (e.g. ISO 27001, ISO 27005, ISO 28000, ISO 15408) and procedures fosters compliance with EU regulations and provides the fundamentals for adequate protection.
Keeping up with these developments can be challenging and this unique course programme therefore brings together the experience of cybersecurity, EU policy and public administration experts to provide a practical understanding of the challenges related to designing and implementing compliant and effective cybersecurity policies in a variety of organisations and sectors.
In short: our course focuses on topics relevant to a strong and compliant cybersecurity policy for your organisation. It covers the relevant legislation in the EU (e.g. NIS2, EUI regulation 2023/2841); the actors and stakeholders that are involved; the standards and frameworks that are used in the EU to align one's cybersecurity policy; and how to put it all into practice.
This online course was designed with non-IT professionals in mind, as roles in cybersecurity are becoming increasingly multidisciplinary, with legal, organisational and communications expertise working alongside the technical core. For example, it provides guidelines for Data Officers on their role in cybersecurity and also touches upon developments in, and the interplay with, the field of AI. At the same time, the need for IT and cybersecurity professionals to stay up to date with the cybersecurity regulations in force has become evident, and this course is therefore also designed for these professionals.
The objective of this training is to provide participants with the knowledge and skillset necessary to competently navigate the cybersecurity developments in their sectors and organisations.
In this course you will learn about:
- cybersecurity: fundamental concepts and knowledge;
- legal and policy aspects of cybersecurity in the EU: EU directives, guidelines, regulations, initiatives;
- cybersecurity management and governance: bodies involved, processes, frameworks and policies to manage cybersecurity risks;
- assessing cybersecurity risks: identifying threats, vulnerabilities and impact;
- prevention: the components of comprehensive cybersecurity policies;
- important aspects of incident handling: from public communications and cooperation with relevant EU/national bodies to business continuity and disaster recovery planning;
- formulating policies to strengthen cybersecurity resilience: how do I design policy measures to make my sector or organisation cyber resilient?
Course methodology
In our course, we adopt a comprehensive approach combining an in-depth overview of the legislative and policy considerations to be taken into account when formulating cyber-resilient measures, and practical training.
Module 1 focuses on the regulatory cybersecurity framework and ecosystem. It provides a detailed overview of the legal and policy dimension of cybersecurity in Europe, and of the fundamental concepts in cybersecurity. These are necessary fundamentals to understand relevant EU Directives, Guidelines and Regulations and subsequently how to implement them within a cybersecurity framework.
Module 2 will offer you practical training on how to design and implement cybersecurity policies and practices.
We will provide practical guidelines and use-cases, good practices, and hands-on simulation exercises to allow you to understand, design, adopt and implement good cybersecurity measures in your workplace.
This course will help you to further your understanding of EU cybersecurity legislation, policies and practices, in addition to excellent practical knowledge and hands-on training regarding cybersecurity vulnerabilities, threats, prevention and policies.
All the sessions of this course are live streamed through a secure connection, to facilitate real-time interaction with our experts and other participants.
At the end of the course, you will receive a certificate of attendance.
You will also have access to the course materials for three months after the course on our online learning platform.
Recent reports warn us about cybersecurity skills gaps among non-IT experts across all sectors in the EU, including public officials, lawyers, administrative staff, healthcare professionals, Digital Ethics Officers, and database managers. This course is therefore relevant not only for technical staff but also for those working alongside them (legal, communications, compliance, risk management, etc.) to ensure a compliant and effective cybersecurity ecosystem in their organisation. Whether you are a policymaker interested in incorporating cyber resilience in your policies, or a professional who wants to make their work and organisation safer, this training is designed for you.
Project number: 2511508
Online Course
For this online course we make use of Zoom
Project Officer
Marieke Lardinois
Tel: +31 (0)43 32 96 205
m.lardinois@eipa.eu
Discounts
EIPA member fee
EIPA offers a discount to all civil servants working for one of EIPA’s supporting countries, and civil servants working for an EU institution, body or agency.
Who are the supporting countries?
Civil servants coming from the following EIPA supporting countries are entitled to get the reduced fee: Austria, Belgium, Bulgaria, Cyprus, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden.
For all other participants, the regular fee applies.
Early bird discount
The early bird discount is not cumulative with other discounts or promo codes, except for the EIPA member fee.
Loyalty coupon
As a token of appreciation we offer all our participants a loyalty coupon for one of our future courses. The offer can be shared with colleagues and relevant networks. The coupon will expire one year after its release. This discount is not cumulative with other discounts, except for the EIPA member fee.
Confirmation
Confirmation of registration will be forwarded to participants on receipt of the completed online registration form.
Payment
Prior payment is a condition for participation.
Cancellation policy
For administrative reasons you will be charged € 50 for cancellations received within 7 days before the activity begins. There is no charge for qualified substitute participants.
EIPA reserves the right to cancel the activity up to 1 week before the starting date. In that case, registration fees received will be fully reimbursed.
A few days before the start of the course you will receive the log-in details for accessing the course materials.
Programme
Module 1: European cybersecurity challenges, legislations and standards | |
09.30 | Opening of the online platform |
09.45 | Welcome and introduction to the online seminar |
10.00 | The EU cybersecurity threat landscape |
10.45 | Break |
11.00 | EU Cybersecurity Ecosystem: Legislations, EU Actors and Policy implications (including e.g. Cyber Resilience Act, DORA and Cyber Solidarity Act) |
11.45 | Q&A |
12.00 | Compliant cybersecurity policies in times of NIS2 and EUI regulation 2023/2841. Overview; timelines and implications for compliant and effective cybersecurity policies. |
13.00 | Q&A |
13.15 | Lunch break |
14.00 | Developing and implementing a cybersecurity framework (including case study). Risk management, governance and policies. How to conduct a risk assessment; the role of cybersecurity policies within organisations. An overview of standards and frameworks you can use, e.g. ISO 27001, NIST etc. |
15.30 | Q&A |
15.45 | Concluding remarks |
16.00 | End of Module 1 |
Module 2: Cybersecurity in practice | |
08.45 | Opening of the online platform |
09.00 | Non-technical challenges – People: the weakest cybersecurity and privacy link (including practical scenario). The relations between human activity, cybersecurity and privacy will be explored. Examples of breaches related to human actions will be presented, in particular intentional and unintentional cybersecurity threats and attacks and their impact on organisations. |
10.00 | Break |
10.15 | Cybersecurity Incident Handling. Incidents can disrupt organisations, businesses and supply chains: a coordinated response, business continuity plans and disaster recovery plans will ensure that organisations can respond and continue their operations. Examples from governmental disruptions. |
11.00 | Q&A |
11.15 | Break |
11.30 | Master Class: What are my notification responsibilities in case of a cybersecurity incident? |
12.30 | Lunch break |
13.30 | Cybersecurity and AI |
14.15 | Q&A |
14.30 | Break |
14.45 | Workshop on Incident Handling (including practical scenario). Best practices and a simulated run-through of the steps of Cybersecurity Incident Handling and Reporting. |
15.45 | Concluding Remarks |
16.00 | End of Module 2 and the course |