
EuroISPA Contribution to the proposal on CSA 2.0 and the Directive on Simplification Measures and Alignment with the Cybersecurity Act

EuroISPA welcomes the European Commission’s proposals for a revised Cybersecurity Act (CSA 2.0) and the accompanying NIS2 Simplification Directive as meaningful steps towards a stronger European cybersecurity framework.

At the same time, we believe further work is needed. Our key priorities:

  • Certification schemes must remain strictly technical
  • Reporting obligations must be harmonised across NIS2, CRA, GDPR and DORA, with a single audit principle
  • Supply chain risk assessments must be objective and evidence-based
  • Mandatory ICT asset phase-out must remain proportionate and economically sustainable
  • NIS2 simplification measures are essential to support SME and mid-cap operators and preserve competition
  • Internally developed tools not placed on the market should be exempted from certification requirements
  • Open source communities, SMEs, and independent developers must be recognised as key contributors to Europe’s cyber resilience

A secure and competitive European digital ecosystem requires a framework grounded in technical evidence, operational feasibility, and proportionality. We look forward to engaging with co-legislators on these important EU policy issues.

EuroISPA Contribution to the Cybersecurity Act Review

EuroISPA contributed to the online survey of the European Commission on the Cybersecurity Act, emphasising the following considerations:

  • Preserve a technical focus in certification: Cybersecurity certification schemes should remain strictly technical, avoiding political or sovereignty-based criteria to maintain neutrality, credibility, and cross-border interoperability.
  • Reinforce ENISA’s role: ENISA should have a stronger mandate to harmonise standards across the EU, promote international standards, and ensure transparency and stakeholder involvement in certification development.
  • Simplify and harmonise regulatory frameworks: The CSA should align with other EU regulations (like NIS2, CRA, GDPR, DORA), introducing unified reporting thresholds and single incident-reporting points to reduce overlapping obligations.
  • Support SMEs with proportionate compliance: SMEs should be allowed to use simplified, self-declared compliance processes to avoid excessive regulatory burdens that could hinder their participation in the digital economy.
  • Exclude internal-use tools from certification: Software and tools developed in-house and not marketed externally should be exempt from certification, unless used in critical infrastructure, to prevent unnecessary regulation.
  • Protect open-source and small-scale developers: The CSA must account for the vital role of open-source and small developers by ensuring certification schemes are affordable, inclusive, and supportive of innovation and diversity.
