15 Dec 2017

DIGITALEUROPE's position paper on the European Commission's proposal for a European framework for cybersecurity certification scheme for ICT products and services

DIGITALEUROPE's position paper on the European Commission's proposal for a European framework for cybersecurity certification scheme for ICT products and services

INTRODUCTION

With an increasing number of online activities and services, the digitisation of the industry and rising number of connected devices (the Internet of Things), the role of cybersecurity has become even more crucial to provide a stable digital economy and ensure the trust of consumers. For DIGITALEUROPE, ensuring cybersecurity, from critical infrastructures to consumer devices is an imperative. It, therefore, requires the appropriate measures to tackle cyber risks that can compromise the functioning of our economy and society.

Following the growing number of harmful cyber-attacks, cyber security and resilience of the European Union have become a public policy priority of the European Commission, which adopted on 13 September 2017 new legislative measures on cybersecurity. The main piece of legislation consists of a draft regulation – “the Cybersecurity Act”- based on two pillars: (1) the revised mandate and responsibilities of the European Agency for Network and Information Security (ENISA); (2) a European framework for Certification Schemes for ICT products and services.

The second pillar of the proposed Regulation is of particular importance to DIGITALEUROPE, which had already expressed its views on cybersecurity certification and labelling schemes in March 2017. The proposed framework for cybersecurity certification plans to empower the European Commission to adopt EU-wide certification schemes for ICT products and services.

DIGITALEUROPE welcomes the main objective of creating a harmonised EU market for cybersecurity certification schemes. However, we believe that the proposal put forward by the European Commission could be improved to guarantee higher participation and involvement of the industry and rely on market-adopted global cybersecurity standards. Therefore, we recommend the following improvements to be taken into account in the ongoing law-making process.

We are ready to participate in a constructive debate and provide valuable industry knowledge to support policy makers in their work.

Back to Cybersecurity
View the complete Policy Paper
PDF
Our resources on Cybersecurity
Policy Paper 05 Sep 2019
Response to ENISA consultation on EU ICT industrial policy
Policy Paper 01 Sep 2019
DIGITALEUROPE and ESIA response to the Office of State Commercial Cryptography Administration Draft Cryptography Law
Policy Paper 19 Jul 2019
Joint industry letter on Cybersecurity Vulnerabilities Administrative Regulation Response to MIIT published draft for comments
Hit enter to search or ESC to close