Digital Legal Lab member Mattis van ‘t Schip has published a new paper, titled “The Regulation of Supply Chain Cybersecurity in the NIS2 Directive in the Context of the Internet of Things“ in the European Journal of Law and Technology!
A little bit about his paper:
An increasing number of actors are engaged in collaborative efforts to design, develop, and manufacture modern ICT products within supply chains. However, this collaborative approach also introduces new cybersecurity vulnerabilities at each stage of the chain, potentially jeopardizing the integrity of the entire system and the resulting ICT products. To mitigate these risks, it is imperative to implement robust supply chain cybersecurity measures.
The EU Network and Information Systems (NIS2) Directive, enacted in 2023, establishes regulatory frameworks for enhancing cybersecurity, particularly focusing on network and information systems within critical sectors such as energy and healthcare. While initially appearing aligned with established risk management principles, closer examination reveals shortcomings in adequately addressing the nuanced challenges of supply chain cybersecurity.
In essence, the provisions of the NIS2 Directive represent a missed opportunity, as they fail to comprehensively grasp the complexities inherent in securing supply chains against cyber threats in practical terms.
You can read his paper by clicking here.
About Mattis van ‘t Schip:
Mattis is a PhD researcher at Radboud University, focusing on the cybersecurity and privacy regulation of Internet of Things (IoT) devices. His research primarily explores the landscape of European cybersecurity regulation and the evolving strategies of the European Union in this domain.