Abstract

The concept of “cybersecurityµ, which is constantly evolving, does not lend itself to unambiguous interpretations. At the same time, there is no clear definition of “cyber resilienceµ and little attention is paid by the relevant literature on how this concept is operationalised in EU cybersecurity legal frameworks. Against this backdrop, this contribution proposes a legal-analytical analysis of the concept of “(cyber) resilienceµ in the EU cybersecurity legal framework. To this end, the investigation intends to (i) provide a preliminary and functional definition of “(cyber)resilienceµ, looking at the experience of other scientific fields; (ii) extrapolate the typifying factors of the notion of resilience from the analysed definitions in order to identify the constitutive elements of the relationship between “(cyber)resilienceµ and “(cyber)securityµ; and, (iii) examine how recent legislative acts adopted and proposed by the EU legislature in the emerging cybersecurity policy area combine the relationship between (cyber)resilience and cybersecurity.