Misaligned union laws?: A comparative analysis of certification in the Cybersecurity Act and the General Data Protection Regulation

In 2019, the Cybersecurity Act, the EU law aiming to achieve high level of cybersecurity in the Union and Member States, entered into force. The CSA belongs to a broader set of Union laws providing a framework of legal protection of individual and collective rights from harmful use of information and communication technologies. Those laws introduce private law instruments for the achievement of legislative goals.2 Despite the overarching similarities of the regulated fields, the Union legislator adopted seemingly different approaches in introducing private law instruments. The Chapter seeks to comparatively present the certification frameworks as introduced in the Cybersecurity Act and the General Protection Regulation, with the aim to provide an understanding on the legislative choices and the normative, implementation and policy reasons underpinning the introduction of private law instruments in Union laws.