< ciso brief />

All news with #eu cybersecurity act tag

8 articles

EU Cybersecurity Reserve Extended to Ukraine

🛡️ The Council of the EU approved Ukraine’s inclusion in the EU Cybersecurity Reserve on June 16, allowing the Ukrainian government to request emergency EU cyber support for large-scale incidents. Managed by ENISA, the reserve leverages 47 trusted private providers who passed an ownership control assessment. The initiative is funded under the Digital Europe Work Programme 2025–2027 and grounded in the EU Cyber Solidarity Act.

Europe's Push for Tech Sovereignty and Security Agenda

🔒 European policymakers are accelerating a push for greater tech sovereignty in response to shifting geopolitical trust and concerns over dependence on US and other foreign technologies. The debate spans legal, operational and supply-chain dimensions, with proposals under the EU’s Tech Sovereignty Package and revisions to procurement and the Cybersecurity Act. Achieving autonomy will require investment in local R&D, talent, interoperable systems and realistic timelines, while avoiding protectionist measures that stifle competition. The private sector must factor geopolitical risk into procurement to scale credible European alternatives.

EU Revises Cybersecurity Rules to Curb High-Risk Suppliers

🔐 The European Commission has unveiled a cybersecurity package to strengthen the EU’s resilience against state and criminal cyber and hybrid threats. The proposals focus on reducing risks from high-risk suppliers outside the EU—particularly in critical infrastructure like mobile networks—using a common, risk-based framework. The plan updates the European Cybersecurity Certification Framework to speed product testing, eases compliance burdens for SMEs, and reinforces ENISA’s role in threat analysis, incident response and vulnerability management.

EU Proposes Cybersecurity Act 2.0 to Strengthen EU Defenses

🔒 The European Commission has proposed an update to the Cybersecurity Act, published on 20 January, to address shortcomings in the original regulation. The package aims to streamline the European cybersecurity certification framework, introduce a trusted ICT supply chain security framework across 18 critical sectors, and require certification schemes to be developed within 12 months by default. It also expands ENISA's powers to lead incident support, vet suppliers, and pilot skill attestation.

EU Cybersecurity Overhaul to Bar High-Risk Suppliers

🔒 The European Commission has proposed a comprehensive cybersecurity package that would require the removal of high-risk suppliers from sensitive telecommunications networks and give Brussels authority to coordinate EU-wide risk assessments. The measure aims to strengthen defenses against state-backed actors and cybercrime targeting critical infrastructure while addressing uneven uptake of the 2020 5G Security Toolbox. The proposal also expands ENISA's remit to issue early threat alerts, centralize incident reporting, streamline voluntary certification, and support joint assessments across 18 critical sectors, with member states required to transpose changes within one year of approval.

EU Launches GCVE Vulnerability Database to Boost Sovereignty

🔐 The new GCVE database at db.gcve.eu is a free, publicly accessible repository designed to simplify vulnerability reporting and management across Europe. It aggregates normalized data from more than 25 public sources and uses the GCVE Numbering Authority (GNA) model to enable decentralized assignment of identifiers. An open API allows seamless integration into compliance and risk-management tools for security teams, vendors, researchers, CSIRTs, and open-source developers.

Securing Critical Infrastructure: Europe’s Risk-Based Rules

🔒 In this Deputy CISO post, Freddy Dezeure of Microsoft explains how recent EU laws are reshaping cybersecurity for critical infrastructure. He argues that NIS2 and DORA broaden the CISO role across IT, OT, IoT, AI, and supply chains and push for stronger board-level accountability. The piece emphasizes a risk-based, prioritized approach—focusing on a few high-impact controls such as phishing-resistant multifactor authentication, comprehensive asset inventory, timely patching, and resilience testing.

UN Cybercrime Treaty Faces Criticism Over Researcher Risks

🔒 Cybersecurity researchers and rights groups warn the UN Convention against Cybercrime, which begins a ratification process in Hanoi this weekend, could criminalize legitimate research and expand intrusive surveillance powers. The Cybersecurity Tech Accord and organizations such as Human Rights Watch say the draft's vague scope, broad criminalization language, and expansive data-access provisions risk arbitrary abuse and could hamper incident response. Some analysts acknowledge improvements around intent-based language but stress that robust national safeguards and explicit protections for security research are still needed.