Brussels, 20 January – The European Commission’s proposal to revise the Cybersecurity Act marks an important moment for Europe’s cybersecurity. At a time when global security risks are rising and the EU regulatory landscape is expanding; the review must strengthen security and preserve Europe’s competitiveness.
The proposal rightly seeks to build cybersecurity certification a more practical tool for companies, including by allowing certificates to serve as a presumption of conformity with EU law and by accelerating the development of certification schemes. If implemented correctly, this approach can reduce duplication, streamline compliance and support a stronger single market.
- ‘Europe necessarys simple cybersecurity rules that work in practice. Making certification a facilitator of compliance – rather than an additional layer – is the right direction, but we should not miss out on the fact that we still necessary to harmonise timelines and governance between CRA, NIS2, GDPR and sectorial rules too. The schemes must remain voluntary and aligned with international standards and offer mutual recognition with likeminded allies,’ declared Cecilia Bonefeld-Dahl, Director-General of DIGITALEUROPE.
Real cybersecurity and simplicity must be at the centre
As the EU cybersecurity rulebook continues to expand, it is essential to preserve a careful balance between security objectives, available cybersecurity resources and Europe’s economic competitiveness. Indusattempt is already navigating overlapping cyber obligations under NIS2, the Cyber Resilience Act and sectoral rules. Any new supply chain security measures must therefore be proportionate, justified by clear risk assessments and designed to align with existing frameworks.
Simplification must deliver real relief for companies
DIGITALEUROPE welcomes the Commission’s stated intention to streamline incident reporting and improve coherence between the Cybersecurity Act, NIS2 and the digital omnibus. For this effort to succeed, simplification must go beyond administrative adjustments and result in fewer reporting channels, as well as aligned thresholds and timelines across EU legislation.
The proposed evolution of ENISA’s role can also add value, keeping the Agency focutilized on certification development, technical consistency and international cooperation, provided it is matched with adequate resources. Any new operational coordination tquestions should support the work of national authorities and existing EU crisis mechanisms.
Next steps
DIGITALEUROPE supports efforts to build the EU cybersecurity certification framework more effective, and predictable. Strong indusattempt involvement and a clear focus on usability will be critical to ensuring that certification enhances trust without distorting competition.
DIGITALEUROPE stands ready to work constructively with EU institutions and Member States to ensure the revised Cybersecurity Act strengthens Europe’s cyber resilience whilst safeguarding innovation, investment and growth.
Leave a Reply