As the voice of American businesses invested in Europe, AmCham EU emphasises the transatlantic dimension and the need for a coordinated international approach to ICT risk management in this paper. The recommendations contained within this paper therefore focus on building on existing international practices and call for openness to incorporating international best practices into the implementation of the EU’s digital operational resilience.
The issues addressed in this paper include general principles; cloud computing; third-country provisions; intragroup delegation; ICT risk management; legislative consistency; the designation critical third-party providers; testing; incident reporting; EU oversight of critical third-party providers; contractual arrangements; outsourcing and sub-outsourcing; cyber threat information sharing; sanctions and penalties; oversight fees; and the implementation period.

:focal())
:focal())
:focal())