Logo
Become a Client

Resource Regions: Western Europe

This is the second blog in IDC’s series focusing on the implications of the EU’s updated Security of Network and Information Systems directive, NIS2. The directive comes into force in January 2023, after which Member States have 21 months to transpose it into their national law – by October 2024.

The broad aim of NIS2 is to engender a high common level of cybersecurity in the EU, across all Member States, in the long term.

The first blog looked at the regional and national entities that are tasked with transposing and implementing the new directive, as well as some of the mechanisms that are being put into place to effect improved cybersecurity across the bloc.

This second instalment looks at which organizations NIS2 will apply to and what will be required of them.

Expanding the Reach

The first NIS directive introduced a clear focus on improving cybersecurity and risk management at critical infrastructure in Europe: energy (electricity, oil, and gas), transportation, drinking water supply and distribution, healthcare, banking and finance, and digital infrastructure (Internet Exchange Points, DNS service providers, and Top-Level Domain (TLD) name registries). These were defined as operators of essential services (OES’s).

The volume and frequency of cyberattacks since the first directive came into force has driven home the message that cybersecurity safeguards and improvements need to be more far-reaching. Industry sectors that may not be viewed as critical may supply components or services to critical infrastructure, from electrical equipment to medical devices. Disruption of food production and distribution or waste management can have a major impact on the function of society. Digital providers such as search engines and online marketplaces are recognized for their universal value.

Consequently, the NIS2 directive extends coverage into all these segments and more. A full list of sectors defined as high criticality or critical is below:

High Criticality Sectors

  • Energy.
  • Transport.
  • Banking.
  • Financial market infrastructures.
  • Health.
  • Drinking water.
  • Waste water.
  • Digital infrastructure.
  • ICT service management (B2B).
  • Public administration.
  • Space.

Other Critical Sectors

  • Postal and courier services.
  • Waste management.
  • Manufacture, production and distribution of chemicals.
  • Food production, processing and distribution.
  • Manufacturing (medical devices, computer, electronic and optical products, electrical equipment, motor vehicles, transport equipment).
  • Digital providers (online marketplaces, search engines and social networks).
  • Research organisations.

Furthermore, it is recognized that it is not only large enterprises that represent a target for cybercriminals or are fundamental to critical services. Consequently, the NIS2 directive also extends the scope to cover midmarket organizations with 250 or more employees and turnover of €10 million or more.

The To-Do List

So, if your organization falls within the sectors covered by NIS2, what requirements are coming your way in the next two years? There are two major aspects to this, detailed in Chapter 4 of the directive, Cybersecurity risk management measures and reporting obligations.

Article 21 of the directive covers the cybersecurity risk management measures and lists the following 10 areas as the minimum recommendation:

  • Policies on risk analysis and information system security
  • Incident handling
  • Business continuity and crisis management
  • Supply chain security
  • Security in network and information systems acquisition, development and maintenance
  • Policies and procedures to assess the effectiveness of cybersecurity risk-management measures
  • Basic cyber hygiene practices and cybersecurity training
  • Policies and procedures regarding the use of cryptography and, where appropriate, encryption
  • HR security, access control policies and asset management
  • MFA, continuous authentication, and secure communications where appropriate

It is likely that most entities within critical infrastructure sectors will already have many of these technologies and measures in place, to some degree. The question will be in the level of detail or prescriptiveness that member states go to when transposing this article into their national legislation.

The directive emphasizes that the implementation of these measures should take into account the state-of-the-art, relevant European and international standards, the cost of implementation, the degree of the entity’s exposure to risks, the entity’s size and the likelihood of occurrence of incidents and their severity, including their societal and economic impact. These considerations should be used to determine appropriate or proportional measures.

Article 23 of the directive covers reporting obligations and requires that in the case of any incident that has a significant impact on the provision of their services, essential and important entities notify their CSIRT or competent authority. An early warning should be submitted within 24 hours of the organizations becoming aware of a significant incident, and a more comprehensive incident notification should be submitted within 72 hours.

Further reporting obligations are detailed within the directive and it will be necessary for all organizations covered by NIS2 to familiarize themselves with these obligations once they have been transposed into their national law.

Conclusion

It is early days still for NIS2 and much will depend on the work done over the next 21 months. Nevertheless, the cyberthreats driving this directive will not wait and the benefits from improved cybersecurity measures will outweigh the risks.

Regardless of the final wording of the local versions of the directive, organizations can benefit from getting up to speed with NIS2 and engaging with the existing cybersecurity authorities within their countries to develop their strategies.

Mark Child - Associate Research Director, European Security - IDC

Analyst Profile
Associate Research Director Mark Child of IDC’s European Security Group leads the group's Endpoint Security and Identity & Digital Trust (IDT) research for both Western Europe and Central & Eastern Europe. He monitors developments in security technologies and strategies as organizations address the challenges of evolving business models, IT infrastructure, and cyberthreats. Mark's coverage includes in-depth security market studies, end-user research, white papers, and custom consulting.

November 2022 was a busy month for the European Commission, with two major pieces of legislation passed that aim to bolster the cybersecurity and cyber resilience of Member States and at organisations across the bloc.

The first was the Digital Operational Resilience Act (DORA), which covers the finance sector and companies that provide ICT services and infrastructure to financial sector entities. The second was the long-awaited update of the Security of Network and Information Systems (NIS) directive, known as NIS 2.

The broad aim of NIS 2 is to engender a high common level of cybersecurity in the EU, across all Member States, in the long term.

This is the first in a two-part IDC blog series that will focus on the implications of NIS 2.

The Clock is Ticking

The full text of the NIS 2 directive was published in the official journal of the European Union on December 27, 2022, and enters into force 20 days after that (January 16, 2023). Thereafter, Member States will have 21 months to transpose the directive into their national law (by October 17, 2024). What happens between now and then?

Building the Frame(work)

The next 21 months will be critical for the success of NIS 2 as regional and national bodies get to work on transposing the articles of the directive into their national legislation. Who will be responsible for this part of the process?

The prime mover in this respect will be the NIS Cooperation Group, which was established in 2017 to support the first NIS directive. The Cooperation Group comprises representatives of all the EU Member States, the European Commission and the EU Agency for Cybersecurity (ENISA).

The group will provide guidance to the national authorities of the Member States on transposing and implementing the directive. It will also provide guidance, advice and cooperation on numerous related areas including cybersecurity policy initiatives, capacity building, training and awareness, exchange of information and best practices, and vulnerability disclosure. It will also be responsible for defining standards and technical specifications, as well as maintaining a central register of essential and important entities in each country.

A second key group will be a network of computer security incident response teams (CSIRTs) across all the Member States. At least one CSIRT in each country will be designated as a competent authority for various roles including international cooperation and coordination, threat monitoring and analysis, and the provision of incident response and assistance to essential entities.

The third key entity is the European Cyber Crisis Liaison Organisation Network (EU-CyCLONe). Its task is to support coordinated management of large-scale cybersecurity incidents and crises at an operational level. It will also ensure regular exchange of information among Member States and relevant entities within the union. EU-CyCLONe’s role will really crank up once the directive is in place.

Key responsibilities will include:

  • Developing shared situational awareness for large-scale cybersecurity incidents
  • Assessing the impact of large-scale cybersecurity incidents and proposing potential mitigation measures
  • Coordinating the management of large-scale cybersecurity incidents and supporting decision making at the political level

Between them, these organisations, along with the Member States themselves, will be tasked with ensuring that when NIS 2 comes into force at the national level, it is appropriately transposed into national law and the countries are able to put in place the necessary structures and resources.

Kicking the Tyres

One criticism of the first NIS directive was that it lacked teeth. The EC is striving to establish NIS 2 more firmly throughout the bloc and one measure through which it seeks to do this is peer reviews. These are aimed at assessing at a national level the conformity, progress and readiness of the directive. For example, peer reviews will assess:

  • The level of implementation of cybersecurity risk management measures and reporting obligations
  • The level of capabilities, including available financial, technical and human resources
  • The operational capabilities of the country’s CSIRTs
  • The level of implementation of cybersecurity information-sharing arrangements

Peer reviews are to be carried out by designated cybersecurity experts from at least two Member States, at a maximum of once every two years. The experts conducting the reviews are expected to provide reports including recommended improvement on any of the reviewed aspects. Those reports will be submitted to the Cooperation Group and the CSIRTs network where relevant.

Conclusion

These entities and processes should ensure that at a regional and national level the EU and its Member States can develop a higher level of cybersecurity and resilience by adhering to the NIS 2 directive.

The second instalment of this blog series will look at which organisations NIS 2 will apply to and what will be required of them.

Mark Child - Associate Research Director, European Security - IDC

Analyst Profile
Associate Research Director Mark Child of IDC’s European Security Group leads the group's Endpoint Security and Identity & Digital Trust (IDT) research for both Western Europe and Central & Eastern Europe. He monitors developments in security technologies and strategies as organizations address the challenges of evolving business models, IT infrastructure, and cyberthreats. Mark's coverage includes in-depth security market studies, end-user research, white papers, and custom consulting.

“Humanity has a choice: cooperate or perish. It’s either a Climate Solidarity Pact — or a Collective Suicide Pact”.

COP27, held in Sharm El Sheikh, Egypt, in November 2022, began with this sobering opening statement from UN Secretary-General António Guterres. It set the mood for the two-week conference, which fell well short of meeting its targets. According to the Economist, “There is no way Earth can now avoid a temperature rise of more than 1.5°C. There is still hope that the overshoot may not be too big, and may be only temporary, but even these consoling possibilities are becoming ever less likely.”

Governments need to keep investing to tackle climate change, but they now also need to invest to increase our collective resilience. Since COP26 in 2021, not only has the geopolitical environment changed significantly, but the increase in global temperatures, causing wildfires and flooding, has reminded us of the heavy cost of inaction.

While people expect decisive action from their governments, their leaders seem overwhelmed with different priorities and planned investments.

A Real Test of Leadership

This year, 130 developing countries succeeded in their attempt to add the notion of “loss and damages” to the official COP27 agenda. But with COP now over for another year, that looks like the only success in 2022. Even that still needs to be ironed out, however, and it should also be remembered that it only tackles the consequences and not the causes.

Mahmoud Mohieldin, UN Climate Change High Level Champion for Egypt, reminded us that global warming is not only about changing the way we produce and consume energy, but also about the way we produce food. “Transforming food systems could release back the $12 trillion the world spends on the hidden cost of food, from transportation to fertilisers,” he said. “We could also eliminate nearly all of the 8.5% of emissions that come from agriculture.”

There are many reasons why such important matters were not intensively discussed at COP27, but we believe one of them was the lack of global leadership.

If no leader stands out when there is so much to coordinate and activate, the transformation must come from cooperation and greater transparency in the promises made to lower our emissions and our dependence on fossil energies.

COP28: Climate Data for the Common Good

Next year’s COP will come at the same time as the first report since the Paris Agreement of 2015, as the final biennial reports for developed countries will be multilaterally assessed to complete the final IAR cycle during 2023–2024. It’s hard to believe that the direction set in 2015 — to limit global warming to well below 2°C and preferably to 1.5°C — will be reached by then. It’s also hard to think that we will have concrete data to rely on by then.

Some initiatives with data transparency at their core have already been implemented. We think of the Climate Data Steering Committee, the EU’s Corporate Sustainability Reporting Directive and the One Data Hub. By the time these reporting mechanisms are live, there will be more data to track and report, including the loss and damages funds agreed at COP27.

These reports include the same KPIs and data format to follow up on, however. One goal for government executives will be to agree on a data format for each component of climate change, which will need to be transparent for citizens so that they can hold their governments to account.

Philosopher Günther Anders once explained the notion of the Promethean gap, which refers to the incapacity of the human brain to perceive the danger it might encounter. At the beginning of 2022, IDC revealed that the number 2 challenge for governments when attempting to become more sustainable was the lack of IT tools to measure the impact, which was almost as challenging as the lack of funds. If we need concrete data before we take action, it’s time to understand that when it comes to “cooperate or perish” it’s not too late to make the right choice.

Remi Letemple - Senior Research Analyst, IDC Government Insights - IDC

Analyst Profile
Remi Letemple leads IDC’s Worldwide Sustainable Transportation and Smart Vehicles Strategies service, where he provides strategic guidance and thought leadership on the future of mobility and transportation. Operating at a global level, he is recognized as a subject matter expert in smart mobility and transportation technologies—including connected, autonomous, shared, and electric mobility—enabled by software-defined vehicle (SDV) architectures, over-the-air (OTA) updates, cloud and edge platforms, and AI, including generative AI.

This year’s Enlit Europe, which took place between November 29 and December 1 in Frankfurt, attracted almost 18,000 visitors and 1,000 exhibitors from 100 countries — proving once again to be a reference point for the European (if not worldwide) utility sector.

Sessions on flexibility, energy transition, and digitalization, as well as numerous hub sessions, provided a great opportunity for knowledge sharing during the three-day event. Here are our key takeaways from discussions and debates with technology providers and utilities.

  • European power DSOs are feeling the pinch due to accelerating demand for electrification and distributed generation. One DSO from the DACH region we talked to said it expects requests for PV connections to increase fourfold this year over 2021 in power terms. A Scandinavian operator said it needed to deploy as much capacity by the end of the decade as it had built over the past century. This was expected, of course, as distribution is where most of the energy system transformation is taking place. But things have now spread to a large and diverse cross-section of the power distribution world and DSOs don’t want to become the bottleneck of the energy transition. Distributors urgently need tools to shed light on the LV level of their grid — for planning, operations, and maintenance purposes — and marketplaces to access and procure flexibility in coordination with fellow DSOs and TSOs.
  • Despite the events of the past 10 months, consumers still appear to be an afterthought for most energy suppliers and utilities (and numerous governments) across Europe. With energy and related energy costs top of mind for most customers, it was a great opportunity for companies to create awareness and educate customers on the energy transition, and the critical role they play in making it a reality. But that opportunity has been squandered, with companies failing to deliver on what matters most to customers: high-bill alerts and personalized, meaningful energy efficiency advice. Due to skyrocketing energy prices, energy suppliers are significantly worse off than before in terms of customer satisfaction and net promoter scores. By failing to support customers at a time of need, utilities have failed to change the narrative around them and become trusted energy advisors in the energy transition.
  • As the energy transition accelerates, partnering and co-innovation are becoming critical tools to accelerate the development of solutions designed to respond to this acceleration. These are no longer buzzwords on slideware. Co-innovation between utilities and solution providers is happening on the ground and it is slashing time to market by a factor of three on average. There are hardly any strategic product initiatives by established software providers in this space that are not driven in cooperation with a carefully curated group of end users, leveraging design thinking and agile principles. Partnering between the incumbent enterprise and operational software vendors in the utilities space and their specialty counterparts has also accelerated significantly, offering a new procurement paradigm that combines what we call a platform approach to operations with a new wave of best-of-breed.
  • The industry mantras of electrification, decarbonization, and energy transition continue to be recited despite the impact of the ongoing energy crisis. While the criticality of climate change can’t be neglected, it appears to some extent that the energy crisis has dampened the urgency for some companies and the industry as a whole to invest in making grids reliable for what’s to come. This is a concern, as some areas are already at risk of bottlenecks, as uptake of EVs, heat pumps, etc. increases. There are numerous European initiatives to foster electrification, such as “Fit for 55,” which will end the sale of new CO2-emitting cars in Europe by 2035, and “REPowerEU,” which aims to install 50 million heat pumps by 2030. But this begs the question: Where are we going to get all this power from”

The overall impression is that of an industry chugging along, conscious that it can’t do it alone and increasingly reliant on its partners and innovation with other sectors. We have seen pockets of real disruptive innovation, but for the most part the industry feels a bit weary, and understandably so.

Here’s to brighter times when we meet in Paris at next year’s Enlit Europe.

At IDC’s European Manufacturing Digital Summit 2022, on November 15, 2022, over 79 “live” attendees from across 21 countries discussed the key theme of the event — “Thriving in Manufacturing with PRIME — Purpose, Resilience, Imagination, Mastery and Ecosystems”.

The summit featured an impressive panel of speakers from our partners and the manufacturing CxO community, complemented by insights from the European IDC Manufacturing Insights team.

Based on the presentations and roundtable discussions from 14 sessions, our top 10 manufacturing trends in Europe are as follows:

  1. Manufacturing organisations must leverage IT to achieve quick wins and build long-term capabilities

The current storms of disruption in Europe may not change manufacturing organisations’ approach to everyday work, but they had led to a greater focus on solving immediate challenges while keeping an eye on longer-term strategic investments. Immediate initiatives focus on increasing efficiency (to reduce costs), flexibility and agility (to better master unpredictability). IT can significantly help the business to weather these storms of disruption, be it supply chain challenges, inflationary pressures, cyberattacks, skills gaps or escalating energy prices. But IT must also ensure that long-term business needs can be met — key to making manufacturers more resilient in the long term.

  1. Automating and sharing data in an integrated and trustworthy way is a challenge

Often the technology itself is not the challenge — the challenge is having a robust model and approach that enables different technologies and the data they generate to be integrated in a secure way without creating silos so they can provide value to users inside and outside the company.

  1. A zero-trust approach to cybersecurity

Manufacturing organisations must be consistent in providing access and security in every connected environment: from factory-level IT and OT to plants being globally deployed. When mapping the security architecture, manufacturers need to look at the overall security posture. In OT and IT, they need to be careful about both known and unknown threats. They need to build rules to block known threats and warn of suspicious behaviour. The key is to recognise the nature and impact of potential threats and risks, and articulate their vision in a way that is relevant to C-level business leaders.

  1. Location data for process automation can empower OT and relieve IT

Location-based process automation can make IT’s job easier and empower OT to tackle automation projects themselves. Improving transparency and driving process automation on the shop floor is about bridging vertical IoT system silos, including different location technologies (e.g., GPS, RFID, UWB) and respective middleware.

  1. “Phygital” (IT/operational) convergence to avoid business performance divergence

Operational equipment instrumentation is steadily increasing along with factory connectivity, driving the growth of data in the manufacturing industry. Companies that see data management as an issue to solve, rather than an opportunity to exploit, will have a problem keeping their processes up to speed. IT and OT convergence through integrated governance models is a vital step in this journey.

  1. Industry ecosystems will rely on IT-OT integration

Bridging the gap between IT and OT will be essential in the context of industry ecosystems, which are increasingly generating value. A core pillar for this is operational data exchange, but this requires trust, appropriate platforms, infrastructures and applications that support use cases.

  1. Best-in-class companies use intelligent automation to transform their business holistically

Intelligent automation can provide value in several scenarios, such as rethinking products and services, automating operations, streamlining supply chains, engaging customers, empowering employees and reimagining manufacturing. The ability to apply intelligent automation holistically (end to end) will be a key differentiator and source of competitive advantage for manufacturing companies.

  1. Data can be a foundation for sustainable manufacturing

Data will continue to be a key driver of sustainable manufacturing due to decarbonisation, the battle for talent and the need to increase supply chain resilience and optimise production to maintain competitiveness. It has long been said that “data is the new gold” — when it comes to manufacturing, it’s quite simple.​ On the shop floor, making data visible is the key. According to Peter Drucker, “You can’t manage what you can’t measure”​. Manufacturers are therefore turning to digital twins to make their factories more resilient overall. For instance, solutions using existing technologies — such as sensors, PLCs and IIoT devices to detect vibration, temperature, moisture, noise, etc., or machine vision — are all available.

  1. Finding the optimal interaction between humans and machines

It’s important to use technology to raise worker productivity and offset the critical skill shortages on the shop floor. It will be crucial to get the right degree of interaction between humans and automation technologies (such as AI, RPA and AR/VR) to maximise employees’ potential and avoid conflict. Using low-code and self-service platforms also helps to make data streams human-friendly.

  1. Doing more with less

As rising costs, supply chain issues and other challenges continue to mount, manufacturers are applying more intelligent solutions and technology to do more with less. It will be vital for organisations to optimise decision-making processes to enable data-driven decision making by utilising industrial IoT, cloud, AI and mixed reality, and infusing them with more intelligent and collaborative business applications.

 

Getting Ready for the 2023 Manufacturing Summit in Germany… But First, Some Thank Yous

The IDC European Manufacturing Digital Summit 2022 was very well received by our manufacturing CxO community and our partners, as it provided the opportunity to get the latest insights from IDC and its partners, discuss industry challenges, share lessons learned and network with peers.

We’d like to thank all our sponsors — Citrix, Fujitsu Uvance, Elastic, Kinexon, Nozomi Networks, Palo Alto Networks, Microsoft Radiflow and UiPath — and our Advisory Board Members for making the summit such a success.

All the recordings of our keynote presentations and panel discussions are now available at our on-demand centre.

We have already started prep work for next year’s event, which will be a physical event scheduled for May 22–23 in Cascais, Portugal. We look forward to continuing the dialogue with our 2023 theme, “The Purpose-Led Manufacturer: Thriving with Impact, Scale and Trust”. Please stay tuned.

If you’re interested in joining our manufacturing CxO community or if you’d like to help us to create and shape the agenda for next year’s event, please reach out to Stefanie Naujoks (snaujoks@idc.com) or to anyone on the IDC Manufacturing Insights EMEA team.

Gunjan Bassi - Research Manager - IDC

Analyst Profile
Gunjan Bassi has more than 14 years' experience working in the logistics and transportation sector. Before joining IDC, she worked with Transport Intelligence (Ti), a transportation and logistics research firm based in Bath, England, where she was responsible for vertical sector research covering qualitative and quantitative reports. She was also actively involved in the development of new research capabilities and product features of Ti's flagship market intelligence portal. Previously, based in India, she was leading the global logistics research team at Evalueserve where she was responsible for running custom research projects commissioned by leading logistics service providers (LSPs) and focussed on strategy/GTM, sales enablement, and market and competitive intelligence. Bassi holds a bachelor's degree from Shri Ram College of Commerce (SRCC), Delhi University, and post-grad studies in management.

Proactive Approach to Monitoring and Responding to Digital Regulations

In a fast-moving business environment, having actionable information about the external drivers shaping economies in both the short and long term is key to success. New regulations and major policy changes can shake up markets and hurt businesses, while informed and resilient organizations will ride those waves and seize opportunities to become more competitive.

There was a compliance rush when General Data Protection Regulation (GDPR) entered in effect in 2018, with companies looking for last-minute guidance and quick solutions to comply and avoid hefty fines and other legal actions. Unfortunately, most organizations adopted this reactive approach. But others attended to the new requirements in advance — in particular, some tech vendors created new products and services to address this new market created by GDPR.

Since then, the digital economy has become even bigger — according to the World Bank (2022), the digital economy represents 15% of the global economy. Consequently, there has been a proliferation of digital regulations and policies worldwide, with more than 100 countries mirroring GDPR.

And in the EU, dozens of new regulations have been created to address ever-more relevant digital markets. Beyond mapping more than 30 EMEA new or updated regulations, IDC’s EMEA Digital Regulations and Policies Radar examines 10 of the most relevant regulations and policies in EMEA and analyzes their impact on European ICT markets.

10 Key European Digital Regulation & Compliance Developments

 

  1. DORA

The Digital Operational Resilience Act addresses the concerns of a possible systemic risk stemming from the prominent role of critical ICT service providers in the financial industry

  1. DGA

The Data Governance Act is expected to make more data available and facilitate data sharing across sectors and EU countries

  1. AI ACT

The EU Artificial Intelligence Act is a legal framework proposed in response to ethical challenges presented by AI

  1. eIDAS

The EU Electronic Identification Authentication and Signatures Regulation created a Europe-wide legal framework for electronic identification, transactions, and signatures

  1. NIS II

The EU Directive on Security of Network and Information Systems Directive II requires Member States to have in place resilient and effective national cybersecurity regimes.

  1. DMA

The Digital Markets Act is the EU’s legislation to make the digital sector fairer and contestable, it establishes new rules to limit the market power of big online platforms

  1. DSA

The Digital Services Act (DSA) is meant to protect the fundamental rights of EU-based users of digital services and create new opportunities for digital-first businesses

  1. 5G Regulations

All regulations related to 5G network capacity and spectrum allocation

  1. CSRD

The European Commission Corporate Sustainability Reporting Directive mandates large organizations in Europe to report on sustainability standards

  1. EU Chips Act

The “EU Chips Act” is a competition policy aimed at bolstering the regional internal production of semiconductors

 

The European digital regulatory landscape has unique characteristics that must be addressed for a proactive digital regulatory strategy. The many acronyms and complex scenarios derived from the many acts, directives, and policies from the EU can be daunting at first sight, but to future proof your organization, we recommend three actions to proactively approach your digital regulatory strategy:

  • Monitor closely the regulatory landscape to anticipate current and future challenges
  • Link your go-to-market strategy and product development (e.g., adding new features and controls) to upcoming regulatory requirements
  • Work with the tech vendor ecosystem to buy or develop the right technologies to achieve short-term compliance efficiency (via automated compliance software from RegTechs)

Please contact us if you’d like to know more about this research stream, especially if you are a tech vendor interested in developing solutions in the RegTech market or a tech vendor that can be directly impacted by new digital standards in the European market. You can access our new subscription product, featuring European regulations and policies, here European Digital Regulations and Policies Radar (idc.com) or contact Anielle Guedes at anguedes@idc.com.