Other regulation (advanced)
A cybersecurity professional should also be aware of the following phenomena:
- The EU Agency for Cybersecurity, ENISA (since 2004). One of its tasks is to promote a cybersecurity culture, which naturally also influences legislators. The position of ENISA is now defined by:
  - The EU Cybersecurity Act (881/2019). It establishes a framework for the creation of European cybersecurity certification schemes to ensure an adequate level of cybersecurity for information and communications technology products, services and processes within the Union.
- It is well known that certain professions are subject to statutory confidentiality obligations (e.g. legal, social and healthcare sectors). In these fields too, regulation may increasingly require addressing cybersecurity issues, which may give rise to conflicts in terms of confidentiality. A similar phenomenon exists in financial services, where there are both legal requirements and rules created within the sector.
- In public administration, certain information is classified as confidential. These are typically secrets whose disclosure could harm defence, police investigations, state-supported intelligence activities, and similar interests.
- Security technologies may be subject to export restrictions. History includes United States restrictions on cryptographic algorithms where implementations used keys longer than 40 bits (until the 1990s). The United States still maintains export restrictions on certain dual-use products, which include cryptographic implementations.