11 Jun 2018

Cybersecurity Act - DIGITALEUROPE urges co-legislators to ensure certification schemes do not lead to more market fragmentation in Europe

DIGITALEUROPE welcomes the swift adoption of the Council General Approach to the “Cybersecurity Act” that paves the way towards the creation of a EU single market for cybersecurity certification.

However, “relying mainly on third-party certification will have a big impact on the time and cost to place a product or service on the market and will limit the access for smaller industry players. The use of selfdeclaration of conformity, a recognised and tested approach used by manufacturers should be extended” voiced Cecilia Bonefeld-Dahl, Director-General of DIGITALEUROPE.

We warn against the new provision opening the possibility for individual countries to make the certification mandatory through national legislation. This goes against the objective of the Regulation and may lead to market fragmentation.

DIGITALEUROPE urges ITRE MEPs to build on the improvement made in the IMCO opinion. It is now the role of the European Parliament to stand for the single market, avoiding further fragmentation via national legislation, and keeping the voluntary approach to certification across the EU and allowing for a flexible and inclusive certification framework. This requires industry participation and possibility for self-declaration of conformity.

“While the Council gives a role to the industry to propose certification schemes, it still doesn’t provide for a structured and formal industry involvement in the prioritisation, elaboration, and implementation of such schemes” insisted Cecilia Bonefeld-Dahl, Director-General of DIGITALEUROPE.

“The digital industry has a long experience in dealing with cybersecurity, in finding solutions and in designing products and services that protect both their devices and users. This experience will be valuable for the elaboration of future-proof certification schemes and each scheme should benefit from the most relevant set of expertise” she added

To boost the industry competitiveness, DIGITALEUROPE believes that the reference to global standards should prevail and any deviation from this principle, as introduced by the Council, may create uncertainty for market players.

For more information please contact
Alberto Di Felice
Senior Policy Manager for Infrastructure, Privacy and Security
Back to Cybersecurity
View the complete Policy Paper
PDF
Our resources on Cybersecurity
Policy Paper 05 Sep 2019
Response to ENISA consultation on EU ICT industrial policy
Policy Paper 01 Sep 2019
DIGITALEUROPE and ESIA response to the Office of State Commercial Cryptography Administration Draft Cryptography Law
Policy Paper 19 Jul 2019
Joint industry letter on Cybersecurity Vulnerabilities Administrative Regulation Response to MIIT published draft for comments
Hit enter to search or ESC to close