The US and the EU have regulations and related standards for protecting this type of data which is known as controlled unclassified information (in the US) and sensitive non-classified information (in the EU). Despite important parallels in these efforts, there are large and potentially disruptive differences between the approaches taken by the US and the EU for protecting this information. This article will explore the various cybersecurity rules for controlled unclassified information in the EU and in the US, and will raise issues with these rules as they relate to public procurement. The article will also offer suggestions for better harmonisation between the two bodies of cybersecurity rules, so as to minimise potential trade barriers and other barriers to effective public procurement.
To read the full article, download the PDF below.