- The EU wants to streamline its cybersecurity certification process
- Voluntary certification demonstrates compliance across products, services and more
- NIS2 Directive changes are also set to ease compliance for 28,700 European companies
The European Commission has set out plans to revise its Cybersecurity Act, which it says comes in response to an increase in attacks on critical services and democratic institutions.
The proposed changes set out a ‘”cyber-secure by design” approach, speeding up and simplifying the certification process to help reduce the reliance on suppliers deemed to have national security concerns.
Lawmakers are worried about rising activity from state-backed groups as geopolitical tensions continue globally.
European proposal targets critical service cybersecurity
“Recent cybersecurity incidents have highlighted the major risks posed by vulnerabilities in the ICT supply chains, which are essential to the functioning of critical services and infrastructure,” the Commission wrote in an update.
The proposal enables the mandatory derisking of telecom networks from high-risk suppliers, building on the existing 5G security toolbox that’s had uneven adoption across the bloc.
EU Agency for Cybersecurity (ENISA) certifications will be voluntary, but serve as a way to prove compliance with European regulation. “Ultimately, the renewed [European Cybersecurity Certification Framework (ECCF)] will be a competitive asset for EU businesses,” the post reads.
Certification will cover products, services, processes, managed security services and organizational cyber posture.
Policymakers also want to simplify the NIS2 Directive to ease compliance for an estimated 28,700 companies.
Changes to the Cybersecurity Act and the NIS2 Directive are subject to approval, after which point bloc members will have one year to implement the changes.
Tech Sovereignty, Security and Democracy EVP Henna Virkkunen described cybersecurity threats as “strategic risks to our democracy, economy, and way of life.”
“With the new Cybersecurity Package, we will have the means in place to better protect our critical ICT supply chains but also to combat cyber attacks decisively.”
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
