A team from the European Union Delegation in a third country is implementing a new digital strategy to improve the cybersecurity of their sensitive communications and ensure operational continuity after a security incident. As an expert in digitalization, you must evaluate the following proposed configuration for identity management and access to critical systems:

1) A single sign-on system is implemented that uses the eIDAS framework for the cross-border exchange of digital identities between EU officials and external partners;
2) In the event of a serious cyber incident that affects the crisis management systems, notification to the competent authorities must be made within 24 hours following the detection of the incident, as required by the EU cybersecurity framework;
3) A 'privacy by design' approach is adopted for the processing of personal data in cloud collaboration tools, ensuring that the principles of the GDPR are integrated from the development phase;
4) It is decided that, to meet the requirements of the NIS2 Directive, personnel with privileged access to sensitive data must receive specific cybersecurity training at least once every three years, regardless of their specific role.

Based strictly on the EU regulatory frameworks (eIDAS, GDPR, NIS2 Directive, and the principle of privacy by design), which of the following statements best describes the regulatory compliance of this configuration?