[42] African Union (2014), African Union Convention on Cyber Security and Personal Data Protection, https://au.int/en/treaties/african-union-convention-cyber-security-and-personal-data-protection.
[8] Akça, E. (2024), “The impact of digital services trade restrictiveness on trade in telecommunications, computer, and information services: evidence from OECD countries”, Yönetim ve Ekonomi Araştırmaları Dergisi, Vol. 22/2, pp. 1-13, https://doi.org/10.11611/yead.1367503.
[41] APEC (2019), APEC Framework for Securing the Digital Economy, https://www.apec.org/publications/2019/11/apec-framework-for-securing-the-digital-economy.
[62] Bruegel (2024), Overview of EU Legislations in the Digital Sector, https://www.bruegel.org/sites/default/files/private/2023-07/Tables_Scott_Kai.pdf.
[33] CEPR (2022), Commercial policies and regulations now fragment the digital economy, https://cepr.org/voxeu/columns/commercial-policies-and-regulations-now-fragment-digital-economy (accessed on 24 February 2026).
[56] Charter of Trust (2024), Cybersecurity Policy Manifesto, https://www.charteroftrust.com/wp-content/uploads/2024/04/CoT_Cyber_Policy_Manifesto_Final-1.pdf.
[23] Committee on Oversight and Government Reform (2024), Hearing Wrap Up: Duplicative and Inconsistent Regulations Are Harming Industry Cybersecurity Capabilities; Harmonization is Needed, https://oversight.house.gov/release/hearing-wrap-up-duplicative-and-inconsistent-regulations-are-harming-industry-cybersecurity-capabilities-harmonization-is-needed%EF%BF%BC/ (accessed on 24 February 2026).
[55] Common Criteria (2014), Common Criteria Arrangement, https://www.commoncriteriaportal.org/files/CCRA%20-%20July%202,%202014%20-%20Ratified%20September%208%202014.pdf.
[19] Council of the European Union (2024), Council Conclusions on the Future of Cybersecurity: implement and protect together, ST-10133-2024-INIT, https://data.consilium.europa.eu/doc/document/ST-10133-2024-INIT/en/pdf (accessed on 25 February 2026).
[2] CSO (2025), Group of CISOs calls on OECD, G7 for stronger alignment of security regs, https://www.csoonline.com/article/3968941/group-of-cisos-calls-on-oecd-g7-for-stronger-alignment-of-security-regs.html.
[57] Cyber Intelligence (2025), “The rising costs of DORA compliance”.
[22] Digital Policy Alert (2025), Japan: House of Representatives passed Bill on the Development of the Cyber Response Capability Strengthening Act, https://digitalpolicyalert.org/change/14009-bill-on-the-development-of-the-cyber-response-capability-strengthening-act (accessed on 9 March 2026).
[21] Dobell, A. and G. O’Neill (2025), Japan’s new Active Cyber Defense Law: A Strategic Evolution in National Cybersecurity, https://www.centerforcybersecuritypolicy.org/insights-and-research/japans-new-active-cyber-defense-law-a-strategic-evolution-in-national-cybersecurity (accessed on 9 March 2026).
[20] ENISA (2024), 2024 Report on the State of Cybersecurity in the Union, https://www.enisa.europa.eu/sites/default/files/2024-11/2024%20Report%20on%20the%20State%20of%20the%20Cybersecurity%20in%20the%20Union.pdf (accessed on 25 February 2026).
[18] ENISA (2024), NIS investments 2024 - Cybersecurity Policy Assesment, https://www.enisa.europa.eu/publications/nis-investments-2024.
[40] European Commission (2025), Digital Omnibus Regulation Proposal, https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-regulation-proposal.
[49] European Commission (2025), Digital partnerships, https://digital-strategy.ec.europa.eu/en/policies/partnerships.
[54] European Commission (2025), EU cybersecurity certification framework, https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-certification-framework (accessed on 26 February 2026).
[50] European Commission (2025), Joint Statement on a United States-European Union framework on an agreement on reciprocal, fair and balanced trade, https://policy.trade.ec.europa.eu/news/joint-statement-united-states-european-union-framework-agreement-reciprocal-fair-and-balanced-trade-2025-08-21_en (accessed on 9 March 2026).
[44] European Commission (2024), Comparative Assessment of the DHS Harmonization of Cyber Incident Reporting to the Federal Government Report and the Rules on Incident Reporting in the NIS 2 Directive, https://digital-strategy.ec.europa.eu/en/library/comparative-assessment-dhs-harmonization-cyber-incident-reporting-federal-government-report-and.
[43] European Commission (2024), DHS and DG CONNECT announce initiative comparing cyber incident reporting to better align transatlantic approaches, https://digital-strategy.ec.europa.eu/en/news/dhs-and-dg-connect-announce-initiative-comparing-cyber-incident-reporting-better-align.
[45] European Commission (2024), U.S.-EU Trade and Technology Council (TTC), https://commission.europa.eu/topics/international-partnerships/eu-us-trade-and-technology-council_en.
[17] European Commission (2020), Impact Assessment Report Accompanying the document Proposal for a Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52020SC0345.
[48] European Union (2026), Cyber: European Union and Japan hold 7th Cyber Dialogue in Brussels, https://www.eeas.europa.eu/eeas/cyber-european-union-and-japan-hold-7th-cyber-dialogue-brussels_en.
[60] European Union (2024), Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence, https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng.
[59] European Union (2024), Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/182, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R2847.
[14] European Union (2022), Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive), https://eur-lex.europa.eu/eli/dir/2022/2555/oj/eng.
[58] European Union (2022), Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector, https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng.
[61] European Union (2019), Cybersecurity Act - Regulation (EU) 2019/881, https://eur-lex.europa.eu/eli/reg/2019/881/oj.
[39] FedRamp (2026), FedRamp, https://www.fedramp.gov/ (accessed on 26 February 2026).
[16] Frontier Economics (2023), Assessing the economic impact of EU initiatives on cybersecurity, https://www.frontier-economics.com/media/izyk5rgz/assessing-the-economic-cost-of-eu-initiatives-on-cybersecurity.pdf.
[46] GOV.UK (2026), UK-Japan strategic cyber partnership, https://www.gov.uk/government/publications/uk-japan-strategic-cyber-partnership/uk-japan-strategic-cyber-partnership.
[13] GSMA (2025), The Impact of Cybersecurity Regulation on Mobile Operators, https://www.gsma.com/solutions-and-impact/connectivity-for-good/public-policy/wp-content/uploads/2025/11/Impact-of-Cybersecurity-Regulation-on-Mobile-Operators.pdf (accessed on 24 February 2026).
[30] Hegyi, H. and L. Erdődi (2025), Connected and Exposed: Cybersecurity Risks, Regulatory Gaps, and Public Perception in Internet-Connected Vehicles, https://doi.org/10.48550/arXiv.2508.15306.
[52] ISO/IEC (2022), ISO/IEC 27000 family, https://www.iso.org/standard/iso-iec-27000-family.
[53] ITU (2025), ITU-T Recommendations, https://www.itu.int/en/ITU-T/publications/pages/recs.aspx.
[15] Laxmikant, Y. (2024), NIS2: How New EU Regulations Impact Businesses Worldwide, https://www.tisalabs.com/2024/07/03/nis2-how-new-eu-regulations-impact-businesses-worldwide/.
[47] Ministry of Foreign Affairs of Japan (2026), The 7th Japan-EU Cyber Dialogue, https://www.mofa.go.jp/press/release/pressite_000001_02034.html.
[34] NIST (2024), The NIST Cybersecurity Framework (CSF) 2.0, NIST, Gaithersburg, MD, https://doi.org/10.6028/nist.cswp.29.
[28] OECD (2025), OECD Regulatory Policy Outlook 2025, OECD Publishing, Paris, https://doi.org/10.1787/56b60e39-en.
[9] OECD (2024), “New perspectives on measuring cybersecurity”, OECD Digital Economy Papers, No. 366, OECD Publishing, Paris, https://doi.org/10.1787/b1e31997-en.
[1] OECD (2022), OECD Policy Framework on Digital Security: Cybersecurity for Prosperity, OECD Publishing, Paris, https://doi.org/10.1787/a69df866-en.
[7] OECD (2022), Shedding New Light on the Evolving Regulatory Framework for Digital Services Trade, https://www.oecd.org/content/dam/oecd/en/topics/policy-sub-issues/services-trade-restrictiveness-index/digital-stri/Shedding-new-light-on-the-evolving-regulatory-framework-for-digital-services-trade-July-2022_4July.pdf.
[12] OECD (2019), “Roles and responsibilities of actors for digital security”, OECD Digital Economy Papers, No. 286, OECD Publishing, Paris, https://doi.org/10.1787/3206c421-en.
[10] Ramirez, R. and N. Choucri (2016), “Improving Interdisciplinary Communication With Standardized Cyber Security Terminology: A Literature Review”, IEEE Access, Vol. 4, pp. 2216-2243, https://doi.org/10.1109/access.2016.2544381.
[6] RiskInsight (2023), Cyber regulatory landscape: challenges and prospects, https://www.riskinsight-wavestone.com/en/2023/09/cyber-regulatory-landscape-challenges-and-prospects/.
[11] Ruohonen, J. (2024), “The Incoherency Risk in the EU’s New Cyber Security Policies”, in Lecture Notes in Computer Science, Disruptive Innovation in a Digitally Connected Healthy World, Springer Nature Switzerland, Cham, https://doi.org/10.1007/978-3-031-72234-9_24.
[37] Securities and Exchange Commission (2023), Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, https://www.sec.gov/files/rules/final/2023/33-11216.pdf (accessed on 26 February 2026).
[29] Sedenberg, E. and J. Dempsey (2018), Cybersecurity Information Sharing Governance Structures: An Ecosystem of Diversity, Trust, and Tradeoffs, https://arxiv.org/abs/1805.12266 (accessed on 25 February 2026).
[26] Swimlane (2024), 2024 Regulation vs. Reality: Are the Fed’s Attempts at Wrangling Incident Disclosure Effective?, https://swimlane.com/resources/reports/cybersecurity-regulation-effectiveness/.
[4] Timmers, P. (2024), Cybersecurity and Digital sovereignty - Bridging the Gap, https://publications.tno.nl/publication/34643188/DvSKsfCM/timmers-2024-cybersecurity.pdf.
[51] United Nations (2021), Developments in the field of information and telecommunications in the context of international security, https://digitallibrary.un.org/record/265311?v=pdf.
[38] US CISA (n.d.), Federal Information Security Modernization Act, https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act (accessed on 26 February 2026).
[36] US Federal Register (2026), Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Rulemaking; Town Hall Meetings, https://www.federalregister.gov/documents/2026/02/13/2026-02948/cyber-incident-reporting-for-critical-infrastructure-act-circia-rulemaking-town-hall-meetings (accessed on 26 February 2026).
[24] US GAO (2025), Cybersecurity Regulations: Industry Perspectives on the Impact, Progress, Challenges, and Opportunities of Harmonization, https://www.gao.gov/products/gao-25-108436 (accessed on 24 February 2026).
[25] US NSTAC (2024), Measuring and Incentivizing the Adoption of Cybersecurity Best Practices, https://www.coursesidekick.com/information-systems/18218367 (accessed on 24 February 2026).
[27] US Office of the National Cyber Director (2024), Summary of the 2023 Cybersecurity Regulatory Harmonization Request for Information, https://bidenwhitehouse.archives.gov/wp-content/uploads/2024/06/Cybersecurity-Regulatory-Harmonization-RFI-Summary-ONCD.pdf (accessed on 24 February 2026).
[35] US White House (2023), National Cybersecurity Strategy, https://bidenwhitehouse.archives.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf (accessed on 26 February 2026).
[31] Walden, I. and D. Michels (2022), Getting Critical: Making Sense of the EU Cybersecurity Framework for Cloud Providers, https://doi.org/10.48550/arXiv.2203.04887 (accessed on 24 February 2026).
[5] World Economic Forum (2024), Global Cybersecurity Outlook 2024, https://www.weforum.org/publications/global-cybersecurity-outlook-2024/.
[3] World Economic Forum (2021), European Commission’s Cybersecurity Package Commentary in light of recent sophisticated supply-chain attacks, https://www3.weforum.org/docs/WEF_Commentary_in_light_of_recent_sophisticated_supply_chain_attacks_2021.pdf.
[32] Wright, B. (2025), Regulatory Pressure: A Threat to Innovation and Cybersecurity?, https://www.cybersec-365.com/articles/regulatory-pressure-a-threat-to-innovation-and-cybersecurity (accessed on 24 February 2026).