We spend a lot of our time online. This shift to the digital world brings threats as well as opportunities. This includes cyber and hybrid attacks on essential services and democratic institutions, which Europe faces on a daily basis. The Commission has proposed new cybersecurity measures to further strengthen the EU’s resilience and capabilities in the face of these growing threats.
The Commission has proposed to revise the 2019 Cybersecurity Act, which sets the framework for EU-wide cybersecurity certification of digital products, services and processes. The revision aims to
- enhance the security of the EU’s information and communication technologies supply chains, by reducing the risks from third-country suppliers that raise cybersecurity concerns
- ensure that digital products and services used by EU citizens are tested for security in a more efficient way, by clarifying rules and simplifying procedures under the European Cybersecurity Certification Framework
Beyond revising the cybersecurity act, the measures include additional steps to
- make it easier for companies to follow cybersecurity rules by simplifying jurisdictional rules and streamlining data collection on ransomware attacks
- reinforce the EU Agency for Cybersecurity (ENISA) so it can better support EU countries in understanding, preparing and responding to common threats
These proposals will now be discussed by the European Parliament and the Council of the EU. Once approved, they can be applied across the EU.
For more information
Press release – Commission strengthens EU cybersecurity resilience and capabilities