Introduction

One of the main challenges to states in the provision of cybersecurity is the speed at which new threats and risks materialize – often one step ahead of the legislation and institutional procedures meant to keep cyberthreats at bay. In a nation like Romania, where legislation needs to be coordinated through the EU process, states may find themselves working especially hard to keep up with new risks and challenges.

On an EU level, other than the General Data Protection Regulation (which deals with user privacy and the protection of personal data), the most significant piece of cybersecurity legislation is the NIS Directive on the security of network and information ...