New EU proposal enhances cybersecurity and resilience

  • 2026-01-20
  • BNS/TBT Staff

TALLINN - The European Commission on Tuesday proposed a new cybersecurity package aimed at enhancing the security of the European Union's information and communication technology (ICT) supply chains.

A simplified certification process will ensure that products reaching EU citizens are secure by design. The proposal also aims to streamline compliance with existing EU cybersecurity rules and enable the European Union Agency for Cybersecurity (ENISA) to better support member states and the entire EU.

Executive Vice-President for Technological Sovereignty, Security and Democracy, Henna Virkkunen, stated that cybersecurity threats are not merely a technical issue. "They pose strategic risks to our democracy, economy, and way of life," she said. "The new cybersecurity package will help us better protect our critical ICT supply chains and repel cyberattacks. This is a significant step toward securing Europe's technological sovereignty and ensuring greater safety for all."

MORE SECURE SUPPLY CHAINS

The new cybersecurity regulation aims to mitigate risks within the EU's ICT supply chain that arise from third-country suppliers presenting cybersecurity concerns.

It will enable the EU and its member states to jointly identify and mitigate risks across 18 critical sectors, taking into account economic impact and market availability.

The cybersecurity regulation will make it possible to reduce risks from high-risk third-country suppliers to Europe's mobile networks, building on the work already completed under the 5G security toolbox.

SIMPLER AND MORE EFFICIENT CERTIFICATION

Products and services reaching EU consumers will undergo better and faster security testing thanks to an updated certification framework. This will provide greater clarity and simplify procedures, allowing certification schemes to be developed within 12 months.

Certification schemes managed by ENISA will become a practical and voluntary tool, enabling companies to demonstrate their compliance with EU legislation.

In addition to certifying ICT products, services, processes, and managed security services, companies and organizations will now be able to certify their cyber posture to meet market demands.

The updated framework will thus create a competitive advantage for EU businesses. For citizens, businesses, and public sector entities in the EU, it ensures a high level of security and trust in complex ICT supply chains.

SIMPLER CYBERSECURITY RULES

The package simplifies compliance with EU cybersecurity standards and risk management requirements for businesses operating in the EU. The changes also aim to enhance legal clarity.

These measures will simplify compliance for 28,700 companies, including 6,200 micro and small enterprises. Additionally, a new category for small mid-cap companies will be introduced to reduce compliance-related costs for approximately 22,500 businesses.

A GREATER ROLE FOR ENISA

Since the adoption of the first Cybersecurity Act in 2019, ENISA has become a cornerstone of the EU's cybersecurity ecosystem. The agency supports businesses and stakeholders across the EU by providing early warnings about cyber threats and incidents.

In collaboration with Europol and Computer Security Incident Response Teams (CSIRTs), it supports businesses in responding to and recovering from ransomware attacks. ENISA is also developing a common EU approach to provide stakeholders with improved vulnerability management services. Additionally, the agency manages a single point of contact for incident reporting.