The European Commission has presented a new cybersecurity package to strengthen the European Union’s resilience to increasing cyber and hybrid attacks from state and criminal actors.
Central to the package is reducing risks from high-risk suppliers outside the EU, especially in critical infrastructure such as mobile networks, through a common, risk-based framework. The Commission’s news release did not mention any specific suppliers targeted by the measures.
Building on previous work on 5G security, the move should make it possible to reduce the risk to sensitive parts of the EU’s IT ecosystem.
An updated European Cybersecurity Certification Framework (ECCF) will also make it faster and easier to test the security of products and services. The package also simplifies compliance with existing cybersecurity rules to reduce the administrative burden, especially for small and medium-sized enterprises.
At the same time, the EU’s cybersecurity agency, ENISA, will be strengthened, among other things by giving it a more central role in threat analysis, incident response, vulnerability management, and coordination within the EU.
The package of measures needs to be approved by the European Parliament and the EU Council of Ministers. Member states will then have one year to implement the changes in their national legislation.