21 Jan 2026

Cybersecurity Act review: certification can boost security and competitiveness if Europe gets it right

Brussels, 20 January – The European Commission’s proposal to revise the Cybersecurity Act marks an important moment for Europe’s cybersecurity. At a time when global security risks are rising and the EU regulatory landscape is expanding, the review must strengthen security and preserve Europe’s competitiveness.

The proposal rightly seeks to make cybersecurity certification a more practical tool for companies, including by allowing certificates to serve as a presumption of conformity with EU law and by accelerating the development of certification schemes. If implemented correctly, this approach can reduce duplication, streamline compliance and support a stronger single market. 

  • ‘Europe needs simple cybersecurity rules that work in practice. Making certification a facilitator of compliance – rather than an additional layer – is the right direction, but we should not miss out on the fact that we still need to harmonise timelines and governance between CRA, NIS2, GDPR and sectorial rules too. The schemes must remain voluntary and aligned with international standards and offer mutual recognition with likeminded allies,’ said Cecilia Bonefeld-Dahl, Director-General of DIGITALEUROPE. 

Real cybersecurity and simplicity must be at the centre 

As the EU cybersecurity rulebook continues to expand, it is essential to preserve a careful balance between security objectives, available cybersecurity resources and Europe’s economic competitiveness. Industry is already navigating overlapping cyber obligations under NIS2, the Cyber Resilience Act and sectoral rules. Any new supply chain security measures must therefore be proportionate, justified by clear risk assessments and designed to align with existing frameworks. 

Simplification must deliver real relief for companies 

DIGITALEUROPE welcomes the Commission’s stated intention to streamline incident reporting and improve coherence between the Cybersecurity Act, NIS2 and the digital omnibus. For this effort to succeed, simplification must go beyond administrative adjustments and result in fewer reporting channels, as well as aligned thresholds and timelines across EU legislation. 

The proposed evolution of ENISA’s role can also add value, keeping the Agency focused on certification development, technical consistency and international cooperation, provided it is matched with adequate resources. Any new operational coordination tasks should support the work of national authorities and existing EU crisis mechanisms. 

Next steps 

DIGITALEUROPE supports efforts to make the EU cybersecurity certification framework more effective and predictable. Strong industry involvement and a clear focus on usability will be critical to ensuring that certification enhances trust without distorting competition.

DIGITALEUROPE stands ready to work constructively with EU institutions and Member States to ensure the revised Cybersecurity Act strengthens Europe’s cyber resilience whilst safeguarding innovation, investment and growth. 

For more information, please contact:
Gabriel Daia
Director of Communications
Sid Hollman
Policy Manager for Cybersecurity, Digital Infrastructure & Mobility