23 Jun 2026

A practical path to EU-US cybersecurity mutual recognition

Executive summary

The August 2025 EU-US trade framework created a clear and time-sensitive political commitment: the EU and the US committed to negotiating a cybersecurity mutual recognition agreement. The immediate priority is to turn that commitment into an implementable first tranche, because the issue sits at the intersection of wider EU-US discussions on trade and the establishment of the EU-US Digital Dialogue.

The cyber mutual recognition agreement should be the flagship near-term deliverable of a practical EU-US cyber agenda. Its first tranche should focus on product assurance and conformity assessment: mutual reliance on competent conformity assessment bodies, acceptance of test results for agreed cybersecurity requirements in clearly defined product categories, and technical mapping of requirements, test methods, documentation and oversight practices. Future tranches could follow where equivalence can be demonstrated and where there is a clear industry need.

The first proof of concept should build on the existing conformity assessment route under the 1998 EU-US Mutual Recognition Agreement and the EU Radio Equipment Directive (“RED”). This would allow the EU and the US to test a limited, product-focused approach with legal, standards and conformity assessment expertise built in from the outset.

Restarting the EU-US Cyber Dialogue should support this agenda. The Dialogue should have a results oriented mandate, structured industry input and dedicated tracks on response and recovery, emerging technologies and practical burden reduction.

DIGITALEUROPE calls on EU and US policymakers to:

  • launch a phased EU-US cybersecurity mutual recognition agreement work programme, with a first deliverable focused on product assurance and conformity assessment;
  • leverage input from industry and experts into the design and implementation process;
  • leverage international standards as the starting point for technical alignment on key areas like incident reporting and mandate a joint requirements-mapping exercise where gaps remain;
  • prioritise mutual reliance on competent conformity assessment bodies and acceptance of test results for agreed cybersecurity requirements in clearly defined product categories;
  • explore a proof of concept linked to the existing EU-US mutual recognition agreement framework and RED-covered cybersecurity requirements;
  • restart the EU-US Cyber Dialogue with clear deliverables, accountability and institutional firebreaks, including a dedicated cyber response coordination track, so that progress on cybersecurity mutual recognition can proceed in parallel with wider digital policy discussions.
Download the full document
For more information, please contact:
Joël Guschker
Associate Director for International Affairs & Trade Policy
joel.guschker@digitaleurope.org
Hanna Harrison
Associate Director for Resilience & Critical Infrastructure
Omar Dhaher
Technical Associate Director for Standardisation & Compliance Policy
omar.dhaher@digitaleurope.org +32 466 21 99 38
Back to International Relations and Trade
View the complete Policy Paper
PDF
Our resources on International Relations and Trade
30 Apr 2026 Publication & Brochure
EU-Japan Business: Driving Digital Innovation
Read more
PDF
15 Apr 2026 Position Paper
Response to Section 301 Investigations on Structural Excess Capacity
Read more
PDF
30 Oct 2025 Policy Paper
Proposed guidelines on export controls for intangible technology transfers
Read more
View all resources
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.
Decline
Accept