Strengthening Europe’s digital defenses: a Proposal to revise the EU Cybersecurity Act

On 20 January 2026, the European Commission released a Proposal to revise the Cybersecurity Act, as part of a broader EU cybersecurity package aimed at strengthening the bloc’s digital resilience and capabilities in the context of increasing cyber threats. This Proposal is part of the EU’s ongoing efforts to modernise its cybersecurity framework, remedy fragmentation across the internal digital market, and address vulnerabilities in critical information and communication technology (ICT) supply chains.

Three security objectives

Cybersecurity risks in Europe have increased in scale and sophistication, affecting critical infrastructure, public administrations, businesses, and citizens. In response, the Proposal seeks to reinforce the EU’s institutional and operational capacity to prevent, detect, and respond to cyber incidents. A central feature of the revision is strengthening the mandate and resources of the European Union Agency for Cybersecurity (ENISA). The agency would play a more prominent operational role, supporting Member States in crisis coordination, threat analysis, and preparedness for large-scale cross-border cyber incidents.

Another key objective is to simplify and enhance the European cybersecurity certification framework. The Proposal aims to make certification schemes more efficient and widely recognized across the EU, allowing companies to certify ICT products, services, and processes once and have that certification accepted throughout Member States. This “cyber-secure by design” approach is intended to reduce administrative burdens (particularly for small and medium-sized enterprises) while raising overall security standards in the digital marketplace.

The revision also addresses ICT supply-chain risks. By introducing clearer, risk-based requirements, the EU seeks to mitigate vulnerabilities linked to dependencies on external suppliers and ensure that critical technologies meet robust security criteria before entering the European market.

The Proposal aligns with broader EU cybersecurity legislation, including the NIS2 Directive, by clarifying responsibilities and reducing overlapping reporting obligations for organizations operating in multiple countries.