A strategic response to a shifting threat landscape
Recent cyber incidents have highlighted the critical importance of secure information and communication technologies in Europe. Vulnerabilities in software, hardware, and services can have far-reaching effects, impacting essential sectors such as energy, transportation, healthcare, and finance. The updated Cybersecurity Act recognizes the need to address supply chain security comprehensively, taking into account supplier dependencies, foreign interference, and geopolitical risks.
Derisking high-risk suppliers from critical networks
The revised legislation focuses on reducing exposure to high-risk third-country suppliers, with a particular emphasis on mobile telecommunications. By implementing mandatory derisking measures for suppliers presenting significant cybersecurity risks, the EU aims to mitigate systemic vulnerabilities in ICT infrastructure and enhance overall security.
Faster, simpler cybersecurity certification for Europe
The revamped European Cybersecurity Certification Framework (ECCF) aims to ensure that products and services meet stringent security standards. Certification processes will be expedited, with greater transparency and stakeholder involvement. Managed by ENISA, certification will help businesses demonstrate compliance with EU cybersecurity regulations more efficiently, fostering trust and security across supply chains.
Cutting red tape and clarifying compliance
The proposed amendments to the NIS2 Directive seek to simplify compliance requirements for thousands of companies, including micro and small enterprises. By introducing a new category for small mid-cap enterprises and clarifying jurisdictional rules, the EU aims to streamline ransomware data collection and enhance oversight of cross-border entities, with ENISA playing a more prominent role in coordination.
ENISA’s expanding role at the heart of EU cyber defence
ENISA’s mandate will be significantly expanded under the revised Act, enabling the agency to issue early warnings on emerging threats, support responses to ransomware attacks, and improve vulnerability management. Through collaboration with Europol and national Incident Response Teams, ENISA will play a crucial role in enhancing Europe’s cyber resilience and addressing the growing skills gap in cybersecurity.
Reinforcing EU cybersecurity
Upon approval by the European Parliament and the Council, the updated Cybersecurity Act will come into immediate effect. Member States will have one year to transpose the NIS2 amendments into national legislation. As cyber threats continue to evolve, the revised Act represents a significant step towards securing Europe’s digital future, emphasizing resilience, trust, and cooperation as strategic assets for the continent.