BRUSSELS – Today, ITI, the global voice of the tech sector, reacted to the European Union’s (EU) progress toward finalizing the EU Cybersecurity Act. Among its provisions, the bill, which has been agreed to on substance and now only requires formal approval by the European Parliament, would provide a permanent mandate and more resources for the European Union Agency for Network and Information Security (ENISA) and establish an EU-wide framework for European Cybersecurity Certificates for products, processes, and services.
“The European Union took an important step toward minimizing the risks of cyber threats to Member States’ critical infrastructure and bolstering consumer trust and confidence in IT services and connected products,” said Guido Lobrano, ITI’s Senior Director of Global Policy. “The proposed cybersecurity measures offer a one-stop-shop approach that provides further integration of the European single market and helps limit market-entry barriers. We’re encouraged to see the adoption of a security-by-design approach, which better aligns with modern software and product development processes by including security features in the early stages of technical design and development and encourages cybersecurity innovation. Further, the creation and resourcing of a more prominent role for ENISA will provide clarity and more coordination across European capitals when addressing ongoing cybersecurity challenges. However, the requirement for third party certification is disproportionately burdensome to businesses and its added value is questionable. We will closely monitor the implementation of the certification framework both for voluntary and compulsory schemes to make sure the process is as streamlined and reasonable as possible and allows for business input. We look forward to working with the European institutions and governments as they finalize the measures and put them into practice.”