Many countries around the world are introducing cybersecurity legislation that require private and public players to implement specific technical and organisational safeguards to protect against cyberattacks throughout the entire supply chain. Recent examples include: NIS2 Directive and the Digital Operational Resilience Act (DORA) in the EU; UN regulations R155/156; and US Federal laws, regulations and standards, such as the ’Sound Practices to Strengthen Operational Resilience’ paper issued by various US Federal institutions, the amendments introduced by the Federal Trade Commission related to the Gramm-Leach-Bliley Act (GLBA), the Federal Information Security Management Act of 2002 (FISMA) and the Cybersecurity Information Sharing Act (CISA). One key aspect of such regulatory frameworks is often the objective to improve ‘operational resilience’ in digital services and other technology.

This panel session will explore the concept of ‘operational resilience’ from different perspectives and, specifically, if and how contractual arrangements can contribute to operational resilience. In addition, the panel will discuss practical aspects and challenges in implementation of local or regional cybersecurity regulation in national, regional and global organisations.