The EU wants to streamline its cybersecurity certification process

Voluntary certification demonstrates compliance across products, services and more

NIS2 Directive changes are also set to ease compliance for 28,700 European companies

The European Commission has set out plans to revise its Cybersecurity Act, which it says comes in response to an increase in attacks on critical services and democratic institutions.

The proposed changes set out a "cyber-secure by design" approach, speeding up and simplifying the certification process to help reduce the reliance on suppliers deemed to pose national security concerns.

Lawmakers are worried about rising activity from state-backed groups as geopolitical tensions continue globally.

European proposal targets critical service cybersecurity

"Recent cybersecurity incidents have highlighted the major risks posed by vulnerabilities in the ICT supply chains, which are essential to the functioning of critical services and infrastructure," the Commission wrote in an update.

The proposal enables the mandatory derisking of telecom networks from high-risk suppliers, building on the existing 5G security toolbox that's had uneven adoption across the bloc.

EU Agency for Cybersecurity (ENISA) certifications will be voluntary, but serve as a way to prove compliance with European regulation. "Ultimately, the renewed [European Cybersecurity Certification Framework (ECCF)] will be a competitive asset for EU businesses," the post reads.

Certification will cover products, services, processes, managed security services and organizational cyber posture.

Policymakers also want to simplify the NIS2 Directive to ease compliance for an estimated 28,700 companies.

Changes to the Cybersecurity Act and the NIS2 Directive are subject to approval, after which point bloc members will have one year to implement the changes.

Tech Sovereignty, Security and Democracy EVP Henna Virkkunen described cybersecurity threats as "strategic risks to our democracy, economy, and way of life."

"With the new Cybersecurity Package, we will have the means in place to better protect our critical ICT supply chains but also to combat cyber attacks decisively."

