Cybersecurity, Cloud and Critical Infrastructure
C. Millard (ed.), Cloud Computing Law (2nd Edn, OUP 2021)
45 Pages Posted: 26 Sep 2022 Last revised: 25 Jan 2023
Date Written: May 1, 2021
Abstract
This paper looks at cybersecurity and the protection of critical national infrastructure, as an area of systemic risk to society. In particular, it looks at the obligations and potential penalties which apply to cloud providers under the regulatory framework established by the EU’s Network and Information Systems Directive (‘NIS Directive’). Various safeguarding and incident notification obligations apply to cloud providers either directly, because of their status as Digital Service Providers, or indirectly, because of their involvement in supply chains for essential services. We argue that there is a risk that this new regulatory framework might lead to only incremental improvements in the cybersecurity of Europe’s critical infrastructure and digital services, while generating substantial compliance activity, aimed at placating regulators and reassuring the general public.
Keywords: Cloud Computing, Cloud Services, Information Technology, Cybersecurity, Critical Infrastructure, Law, Regulation
JEL Classification: K00, K1, K13, K19, K2, K20, K23, K30, K32, K33, D62, D81, L5, L51, L86, L93
Suggested Citation: Suggested Citation