Home / Technology / EU Bolsters Cybersecurity Defenses with New Act
EU Bolsters Cybersecurity Defenses with New Act
21 Jan
Summary
- EU revises Cybersecurity Act for increased cyber resilience.
- New framework promotes 'cyber-secure by design' approach.
- NIS2 Directive changes aim to ease compliance for companies.
The European Commission has initiated revisions to its Cybersecurity Act, a move prompted by a significant rise in attacks targeting critical services and democratic systems. This proposed overhaul emphasizes a 'cyber-secure by design' strategy, accelerating and simplifying the certification procedures. The aim is to lessen dependence on suppliers with potential national security concerns, addressing heightened worries about state-backed cyber activities amid global geopolitical instability.
The revised European Cybersecurity Certification Framework (ECCF) will encompass products, services, processes, and organizational cyber posture. While ENISA certifications will remain voluntary, they will serve as crucial proof of regulatory compliance. These changes are expected to become a competitive advantage for EU businesses.
In parallel, policymakers are simplifying the NIS2 Directive to ease the compliance burden for an estimated 28,700 companies. Both the Cybersecurity Act and NIS2 Directive modifications require member state approval and will be implemented within a year of finalization, bolstering the EU's capacity to protect vital ICT supply chains and combat cyber threats decisively.
