DIGITALEUROPE's position paper on the European Commission's proposal for a European framework for cybersecurity certification scheme for ICT products and services

INTRODUCTION

With an increasing number of online activities and services, the digitisation of the industry and rising number of connected devices (the Internet of Things), the role of cybersecurity has become even more crucial to provide a stable digital economy and ensure the trust of consumers. For DIGITALEUROPE, ensuring cybersecurity, from critical infrastructures to consumer devices is an imperative. It, therefore, requires the appropriate measures to tackle cyber risks that can compromise the functioning of our economy and society.

Following the growing number of harmful cyber-attacks, cyber security and resilience of the European Union have become a public policy priority of the European Commission, which adopted on 13 September 2017 new legislative measures on cybersecurity. The main piece of legislation consists of a draft regulation – “the Cybersecurity Act”- based on two pillars: (1) the revised mandate and responsibilities of the European Agency for Network and Information Security (ENISA); (2) a European framework for Certification Schemes for ICT products and services.

The second pillar of the proposed Regulation is of particular importance to DIGITALEUROPE, which had already expressed its views on cybersecurity certification and labelling schemes in March 2017. The proposed framework for cybersecurity certification plans to empower the European Commission to adopt EU-wide certification schemes for ICT products and services.

DIGITALEUROPE welcomes the main objective of creating a harmonised EU market for cybersecurity certification schemes. However, we believe that the proposal put forward by the European Commission could be improved to guarantee higher participation and involvement of the industry and rely on market-adopted global cybersecurity standards. Therefore, we recommend the following improvements to be taken into account in the ongoing law-making process.

We are ready to participate in a constructive debate and provide valuable industry knowledge to support policy makers in their work.