European organizations expressed their concerns and the impact the believe they will face from Regulations in the coming years of 2023 and 2024, when asked about it in the European Enterprise Acceleration Survey (n=1500). The survey was conducted in late 2022 and we found that the top three priorities for European organizations are in the domains of Cybersecurity, Data Governance and Sustainability.
However, the perception or Regulatory impact varies within European regions, as the political and economic differences reflect in organizations’ regulatory focus for the coming years.
For instance, Western Europe and Central Eastern Europe bear significant differences as the organizations from Western Europe are more concerned about Sustainability Regulations and Safety of products (quality). Meanwhile, organizations from Central Eastern Europe see a higher impact coming from Cybersecurity and Privacy regulations.
Central Eastern Europe
Given the geopolitical context with the war on Ukraine, countries like Czech Republic, Poland and Romania have the highest concern about Cybersecurity Regulations. Those countries have already felt the geo-economic impacts of the conflict in Ukraine, and organizations can find themselves in a situation of lack of compliance with both EU and local regulations.
Particularly in the Czech Republic, there has been a push for Cybersecurity regulations by the National Cyber and Information Security Agency (NUBIK) in the last 5 years, as well as a dependency reduction from foreign parties since the war started in Ukraine. Lukáš Kintr, Director of NÚKIB, commented on the progress of the new draft legislation on high-risk suppliers assessment of technology: “The Czech Republic can have a comprehensive system for reducing the state’s dependence on untrustworthy foreign suppliers within two years. In the field of information technology, we hope to avoid the situation we are currently observing, for example, in connection with oil and gas supplies from the Russian Federation.“
Moreover, with the upcoming application of the NIS2 Directive, several industries included in the Critical Infrastructure category will be touched by the new security requirements. As the tighter Cybersecurity Regulations in the EU comes to place in the next 18 months, EU countries will need to transpose it into national laws and organizations will need to understand how to implement those.
Western Europe
Western Europe organizations hold the same pattern without great discrepancies and have a balanced Regulatory impact assessment profile. Some specificities can be found in France, Netherlands and the UK.
France
France has the highest concern with Ethical-AI Regulations in Europe. France has started to roll-out their policies about the topic from 2018 on, following the publication of the National AI strategy, and the creation of the French National Committee for Digital Ethics.
The country has been historically a leader in the Ethics of technology and AI policymaking, not only from a restriction and liability standpoint but also from a talent and skills investment perspective.
Netherlands
Netherlands is the country with the highest perceived impact of Privacy Regulations, given the high degree of awareness of their citizens and therefore the concern of Dutch organizations. Even if Germany is the leading country on the Privacy subject, Netherlands leads the Privacy Impact Assessments (an instrument for determining privacy risks of data processing in advance).
United Kingdom
The UK is the Western European country with the greatest focus on Data ownership and control regulations, hence the Digital Regulatory misalignment caused by Brexit and the harmonization needed for UK organizations to keep operating in European countries.
Nordics
On another sub-European region, the Nordics, we see yet another response to the contextual geopolitical challenges. The highest regulatory impact perceived by Nordics organizations is around Digital Sovereignty Regulations.
This is explained by the perceived risk of the geographic proximity to Russia, and the increase of the state-sponsored attacks to Nordic countries, especially after the beginning of the war on Ukraine. As the region has the highest digital maturity of European, the direct cyber response is in place (updated infrastructure, high cyber skills, security systems in place, etc.) and new concerns about business implications of the geopolitical context arise.
The Nordics has nonetheless the highest perception of impact coming from Sustainability Regulations in Europe. Historically, the sub-region has had the most relevant political push for green and environmental regulations.
Norway has a number of local regulations around the ESG dimension, such as the Transparency Act, which will required amendments to be compliant with the new Corporate Sustainability Reporting Directive from the EU. Organizations in the Nordics, even if very advanced in terms of compliance with ESG-related Regulations, have to juggle with tighter requirements and uncertainty of the compatibility of the national and EU regulations.
Recommendations for Tech Providers
- Geo-based sales enablement: Base your go-to-market strategy, sales message and product offerings on the regulatory priorities of organizations for the next two years, taking into consideration not only industry but specific geography (sub-region and country).
- Target the top regulatory concerns across the continent: European organizations will be required to comply with many new or update regulations at the EU and local level. Target the three top areas first: Cybersecurity, Data Governance and Sustainability.
- Focus on technology to help automate compliance procedures: Technology should be a facilitator of the compliance process. Provide your customers with Digital Regulatory Intelligence Solutions, the technologies for monitoring, data processing and reporting.
If you want to know more about this Research, access the report or contact Anielle Guedes.