Written by 10:00 am EU Investment

What to expect in 2023

The European Union has an unusual IT strategy. While the US prioritizes the development of global tech giants, the EU focuses on becoming the sector’s leading regulator.

In 2022, the bloc launched two sweeping sets of stringent new rules: the Digital Markets Act (DMA), which seeks to bolster competition in online services, and the Digital Services Act (DSA), which aims to protect people from online harm. Analysts expect the regulatory drive to accelerate next year.

“The only thing we can be certain about is that there will be more regulation next year, and increased enforcement of it,” said Alan Calder, CEO of GRC International Group, a global provider of IT governance, risk management, and compliance solutions. 

To gauge the details, TNW asked IT experts across the bloc what they predict from the EU’s policies in 2023. All expect significant changes in legislation, with certain technologies particularly prominent in their forecasts.

Tighter security

Our experts expect significant developments in cyber security regulation. Kostas Rossoglou, Shopify’s Head of Public Policy and Government Affairs for EMEA and International, highlighted the importance of the Digital Operational Resilience Act (DORA).

The recently-adopted regulation aims to harmonize the financial sector’s approach to cybersecurity. To comply with the rules, organizations will need to review legacy IT systems and potentially invest in new software potential investment in new software. This may be costly in the short term, but Rossoglou is optimistic that it will pay off. He expects levels of security to increase, thereby limiting attacks, reducing downtime, and saving cash.

“Although it will be a couple of years before mandatory compliance, it will eventually put financial organizations in a much stronger position for handling outages, leaks, unauthorized access, and data loss,” he said. “Within the highly sensitive information that the financial sector holds, this is incredibly important.”

“It’s never too soon to be aware.

Another proposal working its way through the EU is the Cyber Resilience Act. This regulation will establish cybersecurity requirements for connected devices, which will provide consumers with transparency on practices, testing, and general functions.

The legislation is currently going through a consultation process. Rossoglou recommends organizations keep a close eye on its progress next year.

“It is likely to be a year or two before it is finalized and then organizations will be given a 24-month transition period to comply,” he said. “However, it is never too soon to be aware of upcoming changes. Regularly monitoring for updates will ensure that businesses are prepared for the changes in good time.” 

Kostas Rossoglou, Shopify’s Head of Public Policy and Government Affairs for EMEA and International