Cybersecurity and Regulatory Compliance in Smart Cities: A Comprehensive Review

Smart cities increasingly rely on urban digital systems deployed across domains such as mobility, public safety, surveillance, and governance, involving large-scale collection and processing of sensitive data. These systems raise significant cybersecurity and privacy challenges, shaped by European regulatory frameworks that influence how data are collected, secured, shared, and governed within urban environments. While existing research has examined legal and regulatory aspects alongside technical cybersecurity solutions, these areas are often addressed in isolation, limiting insight into how regulatory requirements translate into concrete implementations. This paper presents a comprehensive review of regulatory-driven cybersecurity approaches for smart cities. It maps the literature across major application domains and analyses how regulatory objectives are reflected in technical, organisational, and operational measures, as well as in implemented solutions. By jointly examining legal and technical perspectives, the review links regulatory compliance requirements with concrete security practices and system-level design choices. Based on this analysis, the paper proposes a structured classification of regulatory-driven smart city approaches and identifies key trends, gaps, and challenges in the literature. The findings provide a foundation for future research on regulatory-driven cybersecurity and privacy protection in smart systems.