

While the threat of cybersecurity breaches—unauthorised access to networks, applications, and data—should be a priority for businesses and organizations, it is likewise a priority for government’s worldwide, and, in particular, governments are working on rules and standards intended to protect controlled unclassified information in public procurements. This is an important issue because governments share vast quantities of sensitive data with contractors through public procurements. Governments are increasingly realizing that this poses a significant risk to national security and steps should be undertaken to protect controlled unclassified information (CUI). The purpose of this article is to identify and compare those rules and standards in the United States and the European Union on the protection of controlled unclassified information and provide general recommendations. Overall, this article concludes by confirming that there are differences between the approaches taken by the US and EU to protect controlled unclassified information and that a uniform approach in the EU is recommended.