Cybersecurity in the EU

Virkkunen's Four-Point Package

Henna Virkkunen, Executive Vice-President, outlined a four-part proposal aimed at elevating the EU's cybersecurity framework to address increasing hybrid warfare threats. Central to the proposal is bolstering ENISA, the EU Agency for Cybersecurity, by expanding its responsibilities to serve as a unified incident reporting hub, early alert producer, and ransomware help-desk alongside Europol and CSIRTs. ENISA will also manage a new Union vulnerability management capacity.

Balancing Security with Business Compliance

The proposal includes derisking the ICT supply chain in critical sectors by making the 5G Cybersecurity Toolbox mandatory and imposing targeted risk measures on high-risk suppliers. This aims to create a level playing field in the EU market and reduce fragmentation. Amendments to the NIS2 Directive seek to simplify compliance by clarifying definitions and introducing a category for small mid-cap enterprises, easing burdens for over 28,000 companies. It also aims to improve data collection on ransomware attacks.

Certification Reform and Market Impact

Replacing existing certification schemes with a dynamic, efficient framework managed by ENISA intends to make cybersecurity certification a streamlined compliance tool across the internal market, emphasizing secure-by-design products. This affects manufacturers and service providers who must align with new standards.

Stakeholder Implications

EU regulatory bodies like ENISA and national agencies gain strengthened roles enhancing coordination. Businesses, especially SMEs and ICT product suppliers, face refined compliance requirements and potential operational effects. Consumers stand to benefit from improved product security assurances. However, ICT suppliers flagged as high-risk may experience market restrictions and increased compliance costs.

Virkkunen’s proposals indicate a shift toward centralized EU cybersecurity competence, blending enhanced regulatory oversight with measures that may increase compliance costs for some businesses but aim to build trust and resilience throughout EU digital ecosystems.

← Atlas › News › Digital & Communication