IT security regulation important both for security and trade


An increasing number of businesses encounter problems in trade with ICT products. Explanations lie in diverging regulations for IT security in different countries and the lack of international harmonisation. But which regulative path is best for both cybersecurity and international trade? This is discussed in a new report from the National Board of Trade Sweden. Senior adviser and author Heidi Lund tells us more.

What is the report about?

- I have analysed out how IT security in Information and Communication Technology (ICT) products can be regulated and in which manner the regulation has a bearing on international trade and market access. The report also discusses whether greater harmonisation of regulation in the field of IT security for ICT products is possible, as the current regulatory landscape is rather fragmented compared to many other product areas.

Why is this subject relevant to the National Board of Trade?

- To follow and analyse issues related to digitalisation is a priority for the National Board of Trade Sweden, being the government agency for trade policy. While digitalisation makes our society increasingly effective, the technology also presents serious vulnerabilities that governments and regulators have to address. IT security, however, is not only an issue for national security but also for trade policy. The National Board of Trade has a responsibility to highlight the dependencies and issues that have an effect on trade and market access internationally.

Senior adviser Heidi Lund
Senior adviser Heidi Lund.

- IT security regulation has substantial impact on trade. We have noted, for example, that the number of technical barriers to trade (TBTs) reported to the World Trade Organisation (WTO) is increasing. Further, we have observed that various countries have very different views on IT security regulation and to what extent regulation should be open and transparent. We therefore wanted to analyse what aspects influence IT security regulation and discuss whether it is possible to increase regulatory coherence internationally.

What are the most important conclusions?

- The report shows that the regulation of IT security in ICT products is a rather complex area, which does not follow the logic of goods regulation in other domains.

- IT security is to a high degree a policy challenge. It is important that policymakers and regulators have a holistic view before deciding on regulatory frameworks. Experts, policy makers and business should therefore closely monitor and openly debate new regulatory policies and approaches for IT security, especially regarding market access and international trade in ICT products. A decisive component here is to create trust, both between stakeholders and in the regulatory solutions, especially regarding market access and international trade in ICT products.

Was there something that surprised you when researching this subject?

- The insight that the real challenge in IT security regulation is not about technology, but rather about policy considerations. The regulatory decisions vary between countries based on how the countries perceive their information assets and the capabilities they have for protecting these assets. These two parameters are extremely difficult to harmonise. To find paths to improve IT security while observing trade effects is thus one of the most important questions in regulation.

Is there a time critical factor to the subject?

- Cyber incidents and attacks increase and have more and more serious consequences. At the same time the value of the cybersecurity market is measured in billions of euros. We need to increase the knowledge of what various measures mean and analyse whether regulations on IT security really are effective and justifiable.

- An ongoing policy initiative is the proposal for a European regulation on information and communication technology cybersecurity certification (the Cybersecurity Act). The positions and commitments taken by the member states in the EU will be interesting to follow from a trade perspective.

What do you hope for as a result of the report?

- I hope that more people realize the importance of IT security as well as the effects of IT security regulation, decision makers and regulators in specific. A holistic approach to the factors needed to be taken into account when deciding on IT security regulation, especially within international regulatory cooperation. National strategies that concern information and cybersecurity could more profoundly integrate aspects of trade and innovation.

Read the report The Cyber Effect – The implications of IT security regulation on international trade (PDF)


Heidi Lund, National Board of Trade Sweden
Phone: +46 8 690 49 25

To news archive

National Board of Trade, P.O. Box 6803, SE-113 86 Stockholm. 
Visiting Address: Drottninggatan 89. 
Phone: +46 8 690 48 00     Fax: +46 8 30 67 59


About Cookies