Europe 2022: new rules, cyber-attacks and the supply chain

With a number of new regulations due next year, and the pandemic still casting a long shadow, what does 2022 hold for tech in Europe?

Giorgia Ridolfi / | IDG

The forthcoming year will be a busy one in Europe for the tech sector with a great deal of new regulations coming down the track.

The sweeping set of competition and content moderation rules in the Digital Markets Act and the Digital Services Act have been thrashed out during much of 2021 and will likely pass the finish line in 2022. They will introduce a swathe of new obligations and restrictions on large tech firms, from stricter oversight on anti-competitive behaviour to tighter requirements on policing illegal or dangerous content on their platforms.

Regulations like these are front of mind for many companies, and their lobbyists, and were driven to the top of the agenda once again recently by Facebook whistle-blower Frances Haugen.

But the Digital Services Act and the Digital Markets Act are far from the only new rules that Europe’s IT industry will have to brace for in 2022.

Earlier in 2021, the European Commission presented its suite of rules for reining in artificial intelligence meanwhile a forthcoming European Chips Act aims to put Europe at the forefront of semiconductor development at a time when the world is suffering from severe shortages of chips in several industries.

While all of these issues are being hammered out, IT decision makers in Europe will continue to face a raft of challenges in the year ahead, from cybersecurity threats to supply chain chokepoints.

Increased spending

Spiceworks Ziff Davis, the IT marketplace, recently published its 2022 State of IT report, which noted that businesses in Europe are preparing to ramp up IT spending in a big way in 2022.

“Going into 2022, many companies are optimistic that we'll be able to get out of some of these challenges that we've seen amid lockdowns and Covid. The majority of businesses expect their revenues to increase, the majority of companies expect to increase their IT budgets,” Peter Tsai, head of technology insights, said.

“In Europe in particular, we see managed services spending as a percentage of overall budgets to be higher than in North America.”

Remote working has been a major driver of this, he said, forcing companies to invest in both software and hardware to keep their operations running.

“Companies see the value in investing in productivity solutions and security solutions and investing in these managed services and cloud services to enable productivity among a remote workforce.”

For organisations investing in hardware for their teams, pandemic-related chokepoints in supply chains also present issues.

“IT departments really saw [problems] at the beginning of the pandemic,” Tsai said. “There was a huge rush on laptops for example or anything supporting remote workers, from laptops to voice over IP devices, headsets, webcams, all of those things were basically sold out for months or the prices increased substantially.”

As part of the report, participants in the UK said they had supply chain concerns for the next year when it comes to sourcing products they need, more so than participants elsewhere in Europe: “It seems like every month something else is in limited supply.”

This could throw a spanner in the works in security spending, at least when it comes to hardware and equipment that is needed.


Kevin Breen is director of cyber threat research at Immersive Labs, a British cybersecurity start-up that provides security training to companies’ employees.

Even though the world is nearly two years deep into remote working being the norm, many companies are still grappling with the security challenges that this can bring. The slew of headlines in 2021 about ransomware laid that bare.

Breen said there is still a “blame culture” in infosec that is causing some issues to go unreported, often with employees afraid to report errors they’ve made for fear of reprisal from their bosses. Companies need to provide “a safe place for users in organisations to report something they think is odd, weird or suspicious”.

“We've seen a big transition over the last two years of people working from home. It's really hard to delineate the boundaries between what is work time and what is home time. We see more instances of people doing things like checking their personal email on their work devices,” Breen said.

“If a user was to do something like that, like open their own email and open something which triggered an AV alert or malware, they might not feel safe to report that. There's a big blame culture in infosec, or at least there used to be, around 'it's the user's fault'.”

Ashvin Kamaraju is global vice president of engineering and cloud ops at French defence and electronics giant Thales. He said that ransomware and supply chain cyber-attacks will remain a serious threat in the coming year despite growing awareness and education.

“There will be problems that will continue and even grow into next year. It's getting more and more sophisticated. So how does it evolve? I think it falls upon the CISOs and CIOs of all of the enterprises, be it government or private, to take a step back and really implement much more robust security policies in the context of what is happening in the supply chain attacks sphere or the ransomware sphere,” Kamaraju said.

A lingering question for all IT managers and the c-suite on cybersecurity and protecting dispersed teams – specifically on the matter of ransomware – is the question of whether or not to pay a ransom.

The prevailing position amongst much of the cybersecurity industry is that victims should not pay, that to do so only emboldens cybercriminals to continue their misdeeds while the promise of retrieving your data after payment is never guaranteed. However this doesn’t always wash with the reality faced by CEOs when there’s the very real prospect of their business going under.

“The consequences of that are that your business will be shut down, so far the technology is not advanced to the level where we can fight ransomware perpetrators,” Kamaraju said.

He added however that he is enthused by advancing work on blockchain analytics technologies that can be used to more effectively track and trace cryptocurrency transactions and to root out bad actors.

“There's a lot of research going on in tracing back where all these [ransomware funds] are going to, to which wallets.

“Now you will see tools that will combat the ransomware attacks. Even if companies pay the ransom there might be technologies that will go and trace where it went to and try to recover that.”