Europeanisation on demand: The EU cybersecurity certification regime between market integration and core state powers (1997-2019)

Ido Sivan-Sevilla*

*Corresponding author for this work

Research output: Contribution to journalReview articlepeer-review

5 Scopus citations

Abstract

Despite promises by European Union (EU) policymakers to fundamentally change cybersecurity certification, they have recently created a regime that is strikingly similar to already existing certification arrangements. How can we explain this puzzle? Through a process-Tracing analysis based on 41 documents and 18 interviews, this article traces the development of the EU cybersecurity certification regime over the past two decades. It deconstructs certification into standardisation, accreditation, certification, and evaluation; analyses how each regime component changed over time; and discusses to what extent causal mechanisms that are derived from classic theories of EU integration explain the limited nature of policy change. The observed dynamics uncover a Europeanization on Demand model that allows national authorities to completely control the extent of integration. This study challenges the dichotomous understanding portrayed by EU integration literature, of mutually exclusive dynamics of market or core state powers integration, highlighting intriguing political dynamics in EU cybersecurity policymaking.

Original languageEnglish
Pages (from-to)600-631
Number of pages32
JournalJournal of Public Policy
Volume41
Issue number3
DOIs
StatePublished - Sep 2021
Externally publishedYes

Bibliographical note

Publisher Copyright:
©

Keywords

  • certification
  • cybersecurity
  • EU integration
  • multi-level governance
  • policy change

Fingerprint

Dive into the research topics of 'Europeanisation on demand: The EU cybersecurity certification regime between market integration and core state powers (1997-2019)'. Together they form a unique fingerprint.

Cite this