Cybersecurity Act gives Europe a new framework to increase trust in a digitising world

DIGITALEUROPE warmly welcomes the final adoption of the Cybersecurity Act and looks forward to future collaboration to accomplish its ambitious goals. With the Council’s final formal step yesterday, Europe can now count on a renewed and strengthened EU Agency for Cybersecurity (ENISA) and on a comprehensive framework for the development of certification schemes for ICT products, processes and services.  

Cecilia Bonefeld-Dahl, Director General of DIGITALEUROPE, commented:

‘Europe is making great strides in boosting cybersecurity across the board. The Act will be key to strengthening Member States’ capabilities thanks to ENISA and ensuring that European certifications are robust and successfully implemented. We have called for a balancedapproach to certification throughout the negotiations, and we are glad to see such approach reflected in the final Act. Working with ENISA, the Commission and the Member States, we now want to achieve the scale and benefits that Europe’s market should aspire to.’

The Cybersecurity Act provides a framework for cybersecurity certification schemes developed by ENISA and applicable across the Union. The framework allows for broad stakeholder consultation, including through the establishment of a Rolling Work Programme and the creation of a Stakeholder Certification Group, as well as for alignment with European and international standards. Certification will be voluntary, with the possibility to make it mandatory in specific cases following a thorough and transparent assessment by the European Commission.