Digital world: what will be important in 2024?
Trust on the internet is an important factor in combating cyber threats. In the coming year, a number of new regulations will be implemented, developments will be driven forward and new technologies will be further developed. Four trends for 2024.
1. new regulations DORA and NIS2
NIS2 (Network and Information Security 2, cf. here) aims to harmonize cybersecurity requirements for critical infrastructure, while DORA (Digital Operational Resilience Act) emphasizes operational resilience in the financial sector. Both regulations place particular responsibility on supply chains and set out obligations for software providers. NIS2 is a directive that must be transposed into national law by October 2024. However, each EU country can implement this differently, which often causes problems for multinational companies such as banks.
DORA, on the other hand, is an EU regulation and is expected to come into force directly in the member states in 2025. DORA focuses on operational stability in the financial sector so that it can withstand a cyberattack and financial services remain available.
Companies should familiarize themselves with the new regulations at an early stage, as compliance in particular could otherwise cause problems. For NIS2, the BSI and BaFin are no longer responsible for auditing in Germany. Article 46 of DORA contains a whole series of authorities that are also supposed to guarantee compliance with the regulations - at best the ECB and BaFin.
2. eIDAS 2.0 and EU wallets
In February 2024, the EU Parliament will vote on a regulation on the introduction of digital wallets. If the legislative proposal passes the Parliament and the European Council, the regulation could come into force as early as spring 2024. Among other things, the proposal states that all 27 member states must offer their citizens a digital wallet by 2026, which they can use to identify themselves electronically. According to the EU Commission, 80% of the EU population should have such a wallet by 2030. However, there has been criticism from data protection and security experts, who believe that the anonymous use of digital services is at risk.
3. complete digitization of employment contracts
The German Evidence Act is intended to create a regulation according to which, as is already the case with written employment contracts, the employer's obligation to provide evidence of the essential contractual conditions can be waived if, for example, the employment contract was concluded in a valid electronic form. The obligation to provide written documentation was repeatedly criticized in the last draft law and prevented the complete digitalization of HR processes. The use of electronic documents, which can be signed with a qualified electronic signature in accordance with § 126a BGB and can therefore offer an adequate substitute for the written form. Not only because of this legislative initiative, but also for very practical reasons in the digital space, the qualified electronic signature will increasingly become the standard and gradually replace the handwritten signature on paper.
4. post-quantum cryptography
Quantum computers have been making headlines recently and the technology is getting closer and closer to practical use. It is currently difficult to predict when the superior computing power will be generally available, but it seems to be only a matter of time. The technology will then inevitably fall into the wrong hands and criminals will be able to use it to crack encryptions that were previously considered secure. Quantum computers allow the use of new algorithms that significantly reduce the computing time required to solve complex mathematical problems such as those used in cryptography.
This means that new algorithms are also needed for encryption that are so complex that they can also withstand attacks using quantum computers. IT security providers and trust services must therefore design their hardware and software today in such a way that they can integrate new, quantum-safe algorithms in the future.
This means that new algorithms are also needed for encryption that are so complex that they can also withstand attacks using quantum computers. IT security providers and trust services must therefore already be developing their hardware and software today.design them in such a way that they can integrate new, quantum-safe algorithms in the future.