The EU is working on two major pieces of cybersecurity legislation that organizations must be aware of