< ciso brief />

All news tagged #eu cybersecurity act

6 articles

EU Revises Cybersecurity Rules to Curb High-Risk Suppliers

🔐 The European Commission has unveiled a cybersecurity package to strengthen the EU’s resilience against cyber and hybrid threats from state and criminal actors. The proposals focus on reducing risks from high-risk suppliers outside the EU, particularly in critical infrastructure such as mobile networks, using a common, risk-based framework. The plan updates the European Cybersecurity Certification Framework to speed product testing, eases compliance burdens for SMEs, and reinforces ENISA’s role in threat analysis, incident response and vulnerability management.

EU Proposes Cybersecurity Act 2.0 to Strengthen EU Defenses

🔒 The European Commission has proposed an update to the Cybersecurity Act, published on 20 January, to address shortcomings in the original regulation. The package aims to streamline the European cybersecurity certification framework, introduce a trusted ICT supply chain security framework across 18 critical sectors, and require certification schemes to be developed within 12 months by default. It also expands ENISA's powers to lead incident support, vet suppliers, and pilot skill attestation.

EU Cybersecurity Overhaul to Bar High-Risk Suppliers

🔒 The European Commission has proposed a comprehensive cybersecurity package that would require the removal of high-risk suppliers from sensitive telecommunications networks and give Brussels authority to coordinate EU-wide risk assessments. The measure aims to strengthen defenses against state-backed actors and cybercrime targeting critical infrastructure while addressing uneven uptake of the 2020 5G Security Toolbox. The proposal also expands ENISA's remit to issue early threat alerts, centralize incident reporting, streamline voluntary certification, and support joint assessments across 18 critical sectors, with member states required to transpose changes within one year of approval.

EU Launches GCVE Vulnerability Database to Boost Sovereignty

🔐 The new GCVE database at db.gcve.eu is a free, publicly accessible repository designed to simplify vulnerability reporting and management across Europe. It aggregates normalized data from more than 25 public sources and uses the GCVE Numbering Authority (GNA) model, in which each registered authority assigns identifiers within its own namespace, so allocation is decentralized rather than routed through a single issuer. An open API allows integration into compliance and risk-management tools for security teams, vendors, researchers, CSIRTs, and open-source developers.
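The following is an added example, not code from the GCVE project or from the article above, showing what the GNA model means in practice when a tool ingests identifiers from several sources. It assumes the published GCVE identifier layout GCVE-<GNA_ID>-<YEAR>-<ID>, with GNA 0 reserved for mirrored CVE records so that GCVE-0-YYYY-NNNN is the same record as CVE-YYYY-NNNN; the GNA registry and the sample feed are constructed for the demo, and nothing here calls the live db.gcve.eu API.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed identifier layout, taken from the published GCVE format:
# GCVE-<GNA_ID>-<YEAR>-<ID>. GNA 0 is the CVE Program, so GCVE-0-YYYY-NNNN
# is the mirrored form of CVE-YYYY-NNNN (assumption stated in the lead-in).
GCVE_RE = re.compile(r"^GCVE-(?P<gna>\d+)-(?P<year>\d{4})-(?P<num>\d{4,})$")
CVE_RE = re.compile(r"^CVE-(?P<year>\d{4})-(?P<num>\d{4,})$")

# Constructed GNA registry for this example only; real tooling should
# fetch the authoritative list published by gcve.eu.
GNA_REGISTRY = {
    0: "CVE Program (mirrored CVE records)",
    1: "CIRCL",
}


@dataclass(frozen=True)
class GcveId:
    gna: int
    year: int
    num: str  # kept as a string so leading zeros survive round-trips

    def __str__(self) -> str:
        return f"GCVE-{self.gna}-{self.year}-{self.num}"


def parse_gcve(text: str) -> GcveId:
    """Parse a GCVE identifier and validate its GNA against the registry."""
    m = GCVE_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"not a GCVE identifier: {text!r}")
    gna = int(m["gna"])
    if gna not in GNA_REGISTRY:
        # Unknown authority: refuse rather than silently accept a bogus ID.
        raise ValueError(f"unregistered GNA {gna} in {text!r}")
    return GcveId(gna, int(m["year"]), m["num"])


def cve_to_gcve(cve: str) -> GcveId:
    """Map a CVE identifier onto its GNA-0 GCVE form."""
    m = CVE_RE.match(cve.strip().upper())
    if not m:
        raise ValueError(f"not a CVE identifier: {cve!r}")
    return GcveId(0, int(m["year"]), m["num"])


def gcve_to_cve(gid: GcveId) -> Optional[str]:
    """Only GNA-0 identifiers have a CVE equivalent; others are GNA-native."""
    if gid.gna != 0:
        return None
    return f"CVE-{gid.year}-{gid.num}"


def normalize_ids(raw_ids):
    """Canonicalise mixed CVE/GCVE strings from several sources.

    Returns (set of canonical GCVE strings, list of rejected inputs).
    Entries naming the same record under different schemes collapse to one.
    """
    canonical = set()
    rejected = []
    for raw in raw_ids:
        try:
            if raw.strip().upper().startswith("CVE-"):
                canonical.add(str(cve_to_gcve(raw)))
            else:
                canonical.add(str(parse_gcve(raw)))
        except ValueError:
            rejected.append(raw)
    return canonical, rejected


# Constructed sample feed: three sources reporting overlapping records.
SAMPLE_FEED = [
    "CVE-2024-12345",        # source A, CVE scheme
    "GCVE-0-2024-12345",     # source B, same record in GCVE-0 form
    "gcve-1-2025-00001",     # source C, CIRCL-assigned, lowercase
    "GCVE-99-2025-00007",    # unregistered GNA: rejected
    "CVE-24-1",              # malformed: rejected
]

if __name__ == "__main__":
    ids, bad = normalize_ids(SAMPLE_FEED)
    for gid in sorted(ids):
        print(gid, "->", gcve_to_cve(parse_gcve(gid)) or "no CVE equivalent")
    print("rejected:", bad)
```

The validation step against the GNA registry is the point of the example: a decentralized scheme only stays trustworthy if consumers check that an identifier's authority is actually registered, otherwise any feed can mint plausible-looking IDs.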

Securing Critical Infrastructure: Europe’s Risk-Based Rules

🔒 In this Deputy CISO post, Freddy Dezeure of Microsoft explains how recent EU laws are reshaping cybersecurity for critical infrastructure. He argues that NIS2 and DORA broaden the CISO role across IT, OT, IoT, AI, and supply chains and push for stronger board-level accountability. The piece emphasizes a risk-based, prioritized approach—focusing on a few high-impact controls such as phishing-resistant multifactor authentication, comprehensive asset inventory, timely patching, and resilience testing.

UN Cybercrime Treaty Faces Criticism Over Researcher Risks

🔒 Cybersecurity researchers and rights groups warn the UN Convention against Cybercrime, which begins a ratification process in Hanoi this weekend, could criminalize legitimate research and expand intrusive surveillance powers. The Cybersecurity Tech Accord and organizations such as Human Rights Watch say the draft's vague scope, broad criminalization language, and expansive data-access provisions risk arbitrary abuse and could hamper incident response. Some analysts acknowledge improvements around intent-based language but stress that robust national safeguards and explicit protections for security research are still needed.