how is the applicability of this EU legal instrument affected by the departure of the UK from the EU? The topic is in relation to the EU RED, and the applicability of some of your discussion may be lessened as a result of the UK’s departure.
This is especially relevant given your comparative (arguably fair) comparison that the US lacks federal law regulating this subject area, but have focused almost entirely on EU, not UK, law. A possible point of evaluation here would be the nature of Directives versus regulation.
take into account at least one concrete cybersecurity-relevant event, incident or dispute
