Author: Nik Fuchs

Trust in the Digital World: Key Trends for 2024 and Beyond

Trust in the internet is a crucial factor in combating cyber threats. In the coming year, several new regulations will be implemented, innovations will be driven forward, and new technologies will be derived. Ingolf Rauh, Head of Product and Innovation Management at Swisscom Trust Services, has identified four interesting trends for 2024.

 

1. New regulations DORA and NIS2

NIS2 (Network and Information Security 2) aims to harmonize cybersecurity requirements for critical infrastructures, while DORA (Digital Operational Resilience Act) emphasizes operational resilience in the financial sector. Both regulations hold supply chains accountable and establish obligations for software providers. NIS2 is a directive that must be implemented into national law by October 2024. However, each EU country may implement this directive differently, which often poses challenges for multinational companies like banks.

On the other hand, DORA is an EU regulation that is expected to come into effect in member states in 2025. DORA focuses on ensuring operational stability in the financial sector to withstand cyberattacks and ensure the continued availability of financial services.

Companies should familiarize themselves with these new regulations early on, as non-compliance could pose significant challenges. In Germany, the testing competence for NIS2 lies with the BSI or BaFin. Article 46 of DORA includes a range of authorities responsible for ensuring compliance, preferably the ECB or BaFin.

 

2. eIDAS 2.0 and EU-wallets


In February 2024, the European Parliament will vote on a regulation to introduce digital wallets. If the proposal passes the Parliament and the European Council, the regulation could become effective as early as spring 2024. The proposal states that all 27 member states must offer their citizens a digital wallet by 2026, allowing them to identify themselves electronically. The EU Commission aims for 80 percent of the EU population to have such a wallet by 2030. However, there have been criticisms from data protection advocates and security experts who believe that this could jeopardize the anonymous use of digital services.

 

3. Complete electronic employment contracts


In the German Proof of Employment Act, a regulation is set to be established whereby, just as with written employment contracts, the employer's obligation to provide proof of the essential contract conditions can be waived if the employment contract is concluded in a valid electronic form. This unresolved issue has been repeatedly criticized in the previous law draft, hindering complete digitization in the HR process. According to § 126a of the German Civil Code, the qualified electronic signature offers a solution, providing a substitute for written form. This is expected to become increasingly standard, gradually replacing the manual signature on paper.

 

4. Post-Quantum Cryptography


Quantum computers have been making headlines lately, and the technology is getting closer to practical use. It is difficult to estimate when the superior computing power will be widely available, but it seems to be only a matter of time. When the technology inevitably falls into the wrong hands, criminals can exploit it to break previously considered secure encryptions. Quantum computers allow for new algorithms that significantly reduce the computing time for solving complex mathematical problems used in cryptography.

This means that encryption also needs new algorithms that are complex enough to withstand attacks from quantum computers. Therefore, IT security providers and trust services must design their hardware and software today to integrate future quantum-secure algorithms.