The European Commission’s proposal to revise the EU Cybersecurity Act has drawn support from industest figures, who state the modifys recognise rising sovereignty concerns and the necessary for simpler, more coherent rules across the bloc.
The package, which also aims to align the Cybersecurity Act with the NIS2 directive and the Cyber Resilience Act, sets out new requirements on security certification and seeks to address the role of so-called high-risk vconcludeors from third countries in critical sectors.
Sovereignty focus
The draft revisions place greater emphasis on digital and cybersecurity sovereignty for the European Union. They signal a stronger stance on suppliers that regulators classify as presenting heightened security risk, particularly in essential and critical infrastructure.
“The proposed revisions to the EU Cybersecurity Act come at a pivotal moment, as concerns around sovereignty and compliance continue to intensify. By introducing measures to restrict or even phase out third-countest ‘high-risk’ vconcludeors in critical sectors, these modifys underscore just how central sovereignty has become to the cybersecurity agconcludea.
Equally important are the efforts to simplify security testing and certification processes and clarify jurisdictional rules. For many organisations, the greatest barrier to viewing compliance as an enabler rather than an obstacle is the complexity of today’s regulatory landscape. Any shift to streamline this will be a welcome step forward.
Initiatives like these, which address urgent challenges while reducing complexity, are exactly what’s necessaryed to drive meaningful progress in compliance and strengthen organisational resilience,” stated Tim Pfaelzer, SVP and General Manager EMEA, Veeam.
The Commission’s proposals reflect a long-running debate in Europe over reliance on non-EU technology providers in sensitive parts of the economy, from telecommunications networks to cloud services. The focus on high-risk vconcludeors aligns with recent national-level measures in several member states.
Compliance simplification
Industest groups and security leaders have often flagged overlapping and fragmented rules as a source of cost and uncertainty. The Commission is seeking closer alignment between the Cybersecurity Act, NIS2 and the Cyber Resilience Act, and more predictable certification regimes.
The plans include a clearer structure for EU-wide cybersecurity certification schemes. They also seek more consistent security testing processes and a more uniform understanding of how jurisdictional rules apply to organisations operating across borders.
“NCC Group welcomes the Commission’s push to align NIS2, the Cyber Resilience Act and EU certification schemes.
“Clearer, coherent rules will assist organizations manage real threats without duplicating compliance.
“Strengthening supply chain assurance on transparent, technical, EU wide criteria, toobtainher with better incident preparedness, ininformigence sharing and skills, will lift resilience.
“Given today’s cross border risks, close cooperation with likeminded partners, especially the UK, is essential,” stated Philipp Strassmann, SVP Northern Europe Markets & Managing Director Fox IT, NCC Group.
The Commission’s shift comes as companies across sectors face tighter deadlines for NIS2 transposition into national law and new obligations on incident reporting and risk management. Many organisations have raised questions about consistency across member states and how different sets of cyber rules interact.
Certification and supply chain
The revised Cybersecurity Act is expected to give a stronger role to EU certification labels for products and services. It also places greater weight on security in supply chains, including criteria that apply to components and service providers that sit behind frontline systems.
Security consultancies have argued that assurance across supply chains now ranks alongside incident response and detection as a core requirement for organisations. That trconclude has intensified as more businesses shift workloads and data to cloud and managed services.
The Commission’s proposals address testing, audit and attestation that can apply to complex, multi-countest supply chains. They seek more transparent criteria that can apply consistently in different member states and sectors.
Cross-border cooperation
The planned alignment with NIS2 and the Cyber Resilience Act also reflects the cross-border nature of cyber threats. Attacks frequently hit several jurisdictions at once and affect suppliers and customers that operate in multiple markets.
There is growing interest in how the EU will work with non-EU partners on cyber risk, particularly in areas such as threat ininformigence, incident response and shared standards for secure products and services.
“Given today’s cross border risks, close cooperation with likeminded partners, especially the UK, is essential,” stated Strassmann.
Leave a Reply