At the end of 2020, the EU announced a new EU cybersecurity strategy package. Also, it proposes big changes to the NIS Directive, which will impact European organizations as well as public sector entities. Security leaders should expect the EU to enact a tougher NIS Directive with more prescriptive security requirements, risk management regimes and reporting requirements, and a harsher penalty regime. CISOs should expect to see changes in the security product landscape, with greater funding and choice becoming available for European-grown security products. Finally, we expect to see European cybersecurity regulations to set the standards for good global cybersecurity regulation and governance.