Public Procurement Law Review

Addressing the threat of cybersecurity breaches—unauthorised access to networks, applications, data and the like—is a global priority which includes the threat to and protection of unclassified data in government systems in public procurement. This is an acutely important issue because governments are some of the leading users of information technology in the world, and they oversee vast quantities of sensitive data.

The US and the EU have regulations and related standards for protecting this type of data which is known as controlled unclassified information (in the US) and sensitive non-classified information (in the EU). Despite important parallels in these efforts, there are large and potentially disruptive differences between the approaches taken by the US and the EU for protecting this information. This article will explore the various cybersecurity rules for controlled unclassified information in the EU and in the US, and will raise issues with these rules as they relate to public procurement. The article will also offer suggestions for better harmonisation between the two bodies of cybersecurity rules, so as to minimise potential trade barriers and other barriers to effective public procurement.

To read the full article, download the PDF below.