The Concept of Cyber Resilience in the European Union Law
Grażyna Maria Szpor
Cardinal Stefan Wyszyński University in Warsaw , Polandhttps://orcid.org/0000-0002-3264-9360
Abstract
The legal framework for digital transformation in the European Union is being supplemented by further acts that should enable it to meet current challenges while respecting EU values and principles redefined in the context of cyberspace. An example is Regulation 2024/2847 on horizontal cybersecurity requirements (Cyber Resilience Act). It does not define the term used in the abbreviated title. The relationship between cyber resilience and cybersecurity, and their place within the conceptual framework of digital transformation, remains unclear. This article aims to identify terminological issues that require doctrinal agreement, to consider the possibilities for achieving this, and to propose solutions. An analysis of how the purpose of the act is reflected in its title, definitions, scope, structure and initial stage of application was carried out using a legal-dogmatic method, including a systemic approach. It confirmed the verified hypotheses about the underestimation of the importance of short titles of acts in EU legislative processes and the untapped potential of the concept of cyber resilience in increasing the consistency and transparency of law, which is essential for its effectiveness. The result is a proposal to amend EU legislative drafting rules on short titles and to adopt a general definition of cyber resilience as a higher-order concept capable of integrating scattered sectoral regulations and performing an organizing function for digital transformation processes in legal doctrine.
Keywords:
EU law, digital transformation, cybersecurity, cyber resilience, definitionReferences
Björck, Fredrik, Martin Henkel, Janis Stirna, and Jelena Zdravkovic. “Cyber Resilience – Fundamentals for a Definition.” In New Contributions in Information Systems and Technologies. Vol. 1, edited by Alvaro Rocha, Ana Maria Correia, Sandra Costanzo, and Luis Paulo Reis, 311–16. Cham: Springer, 2015. https://doi.org/10.1007/978-3-319-16486-1_31. (Crossref)
Chiara, Pier Giorgio. “Understanding the Regulatory Approach of the Cyber Resilience Act: Protection of Fundamental Rights in Disguise?.” European Journal of Risk Regulation 16, no. 2 (2025): 469–84. https://doi.org/10.1017/err.2025.9. (Crossref)
Czerniawski, Michał. “Artykuł 93.” In Akt o usługach cyfrowych. Komentarz [Digital Services Act. Commentary] edited by Dominik Lubasz and Monika Namysłowska. Warsaw: Wolters Kluwer, 2024. SIP LEX.
Dygnatowski, Sławomir. “Cybersecurity as the Foundation of Critical Infrastructure Security in the Context of Contemporary Threats.” Journal of Konbin 50, no. 4 (2020): 309–20. https://doi.org/¬ 10.2478/jok-2020-0089. (Crossref)
Fajgielski, Paweł. “Artykuł 99.” In Ogólne rozporządzenie o ochronie danych. Ustawa o ochronie danych osobowych. Komentarz, 3rd ed., edited by Paweł Fajgielski, 794. Warsaw: Wolters Kluwer, 2025.
Hausken, Kjell. “Cyber Resilience in Firms, Organizations and Societies.” Internet of Things 11 (2020): 100204. https://doi.org/10.1016/j.iot.2020.100204. (Crossref)
Jaroszyński, Tomasz. Rozporządzenie Unii Europejskiej jako składnik systemu prawa obowiązującego w Polsce [European Union Regulation as a Component of the Legal System in Force in Poland]. Warsaw 2011. Lex/el.
Linkov, Igor, and Alexander Kott. “Fundamental Concepts of Cyber Resilience: Introduction and Overview.” In Cyber Resilience of Systems and Networks: Risk, Systems and Decisions, edited by Alexander Kott and Igor Linkov, 1–25. Cham: Springer, 2019. https://doi.org/10.1007/978-3-319-77492-3_1. (Crossref)
Pilarski, Grzegorz. “Tackling Cyberspace Threats: The International Approach.” Security and Defence Quarterly 12, no. 3 (2016): 100–17. https://doi.org/10.35467/sdq/103238. (Crossref)
Ruohonen, Jukka, and Paul Timmers. “Vulnerability Coordination under the Cyber Resilience Act.” Applied Cybersecurity & Internet Governance 4, no. 1 (2025): 1–18. https://doi.org/10.48550/arXiv.2412.06261. (Crossref)
Silicki, Krzysztof. “Cyberodporność wspierana przepisami prawa UE: akt o cyberodporności (CRA) i dyrektywa NIS 2” [Cyber Resilience Supported by EU Laws: Cyber Resilience Act and NIS2 Directive]. In Internet. Cyberodporność. Cyber Resilience, edited by Agnieszka Gryszczyńska, Grażyna Szpor, and Wojciech R. Wiewiórowski, 105–18. Warsaw: C.H. Beck, 2025.
Skoczylas, Dominika. “Wzmocnienie zdolności Unii Europejskiej w zakresie cyberbezpieczeństwa – cybersolidarność w kontekście cyberzagrożeń” [Strengthening the European Union’s Cybersecurity Capabilities: Cyber Solidarity in the Context of Cyber Threats]. Europejski Przegląd Sądowy, no. 12 (2024): 39–44.
Szafrański, Bolesław, ed. Cyberbezpieczeństwo: redefinicja zagrożeń [Cybersecurity: Redefining Threats]. Warsaw: Wojskowa Akademia Techniczna, 2023.
Szpor, Grażyna. “Introduction.” In Internet. Cyberodporność [Cyber Resilience], edited by Agnieszka Gryszczyńska, Grażyna Szpor, and Wojciech R. Wiewiórowski, LXI. Warsaw: C.H. Beck, 2025.
Szpor, Grażyna. “Prawa jednostki i wspólnoty w Cyfrowej Dekadzie” [Rights of Individuals and Communities in the Digital Decade]. In W trosce o dobro wspólnoty i jednostki – zagadnienia administracyjnoprawne. Księga jubileuszowa dedykowana Profesor Zofii Duniewskiej [For the Good of the Community and the Individual – Administrative and Legal Issues. Jubilee Book Dedicated to Professor Zofia Duniewska], edited by Barbara Jaworska-Dębska, Monika Kapusta, Aneta Kaźmierska-Patrzyczna, Piotr Korzeniowski, Anna Król, Ewa Olejniczak-Szałowska, Agnieszka Rabiega-Przyłęcka, and Przemysław Wilczyński. Warsaw: Wolters Kluwer, 2024. LEX/el.
Szpor, Grażyna, and Paweł Hajduk. “Współdziałanie w egzekwowaniu przepisów z zakresu cyberbezpieczeństwa” [Cooperation in the Enforcement of Cybersecurity Regulations]. In Cyberbezpieczeństwo. Współpraca versus konfrontacja informacyjna. [Cybersecurity: Cooperation versus Informational Confrontation] ed. Bolesław Szafrański, 297–307. Warsaw: Wojskowa Akademia Techniczna, 2025.
Szpor, Grażyna, and Paweł Hajduk. “Współpraca a współdziałanie między organami administracji w regulacji sztucznej inteligencji w Polsce.” In Prawo Sztucznej Inteligencji i Nowych Technologii (forthcoming).
van ‘t Schip, Mattis. “The Cyber Resilience Act and Open-Source Software: A Fine Balancing Act.”
Journal of Intellectual Property, Information Technology and E-Commerce Law 16, no. 1 (2025) 73–87.
Wiewiórowski, Wojciech R. “Europejskie rozumienie cyberodporności” [European Understanding of Cyber resilience]. In Internet. Cyberodporność [Internet. Cyber Resilience], edited by Agnieszka Gryszczyńska, Grażyna Szpor, and Wojciech R. Wiewiórowski, 95–104. Warsaw: C.H. Beck, 2025.
Wikipedia. “Cyber Resilience.” Accessed . https://en.wikipedia.org/wiki/Cyber_resilience.
Wronkowska, Sławomira. “O stanowieniu i ogłaszaniu prawa oraz o kulturze prawnej” [On the Enactment and Promulgation of Law and on Legal Culture]. Państwo i Prawo, no. 4 (2007): 3–15.
Wronkowska, Sławomira, and Maciej Zieliński. Komentarz do zasad techniki prawodawczej [Commentary on the Principles of Legislative Technique]. Warsaw: Wolters Kluwer, 2004.
Cardinal Stefan Wyszyński University in Warsaw https://orcid.org/0000-0002-3264-9360
