TIC Council has released its official position paper outlining industry recommendations for the revision of the EU Cybersecurity Act (CSA), as the European Commission opens its consultation on the matter.

The CSA, adopted in 2019, plays a fundamental role in the EU’s cybersecurity governance. It introduced the European Cybersecurity Certification Framework (ECCF) and established the European Union Agency for Cybersecurity (ENISA). As key stakeholders in its implementation, TIC Council Members have contributed technical expertise to the development of cybersecurity certification schemes and standards.

In this new position paper, TIC Council welcomes the Commission’s efforts and puts forward clear recommendations to ensure that the CSA remains effective in addressing evolving digital challenges. Among the key proposals are:

1. Strengthening stakeholder input to improve agility and responsiveness in the certification framework;

2. Developing new and targeted European Cybersecurity Certification schemes for critical areas including Managed Security Services, consumer IoT, AI systems, space systems, dual-use technologies, and post-quantum cryptography;

3. Integrating schemes that combine cybersecurity, data protection, and other requirements to streamline compliance;

4. Considering mandatory certification in high-risk sectors where appropriate, based on international standards;

5. Enhancing international cooperation and mutual recognition to align global certification schemes;

6. Simplifying reporting obligations without compromising safety and security standards;

7. Supporting policy option 3: targeted improvements to the CSA, while firmly opposing its repeal without a more robust alternative.

TIC Council and its Members remain committed to providing further technical input and continuing engagement with the European Commission and stakeholders. These recommendations aim to build a safer, more resilient cyber ecosystem across the EU, enhancing competitiveness and reinforcing digital trust for citizens and businesses alike.

To explore the full insights and recommendations, read the Position Paper here.

For more information, contact Ángel Moreno Rubio, Digital Policy Manager at TIC Council: amorenorubio@tic-council.org