Industry calls to safeguard independence of EU cybersecurity agency

Published on 24/06/2025 - 16:21 GMT+2

Telecom operators, waste and acquisition unions and manufacture groups person called for the EU’s cyber agency ENISA to steer distant from governmental interference and stay independent in consequence to a consultation on the European Commission’s reappraisal of existing cybersecurity rules.                                                                                                                                                                                 

In May, nan Commission began gathering feedback connected a revision to nan bloc’s 2019 Cybersecurity Act (CSA), which is being revamped successful statement pinch efforts to simplify existing rules. 

The connection aimed to springiness nan Athens-based ENISA a bigger mandate, including complete nan drafting of cybersecurity certification schemes, done which companies tin show that their ICT solutions see nan correct level of cybersecurity protection for nan EU market.

Since 2019, nan Commission requested 3 of these voluntary certification schemes: connected baseline ICT products, 5G and unreality services, of which only nan first has yet been adopted.

The certification for unreality services (EUCS) turned into a political conflict over sovereignty requirements. France has led guidance and wants to beryllium judge that it tin proceed to usage its ain strategy – SecNum Cloud – aft nan take of EUCS.  

Tech manufacture relation CCIA said ENISA’s domiciled successful nan certification strategy improvement “should beryllium explicitly grounded successful method independence, allowing it to make non-political decisions that bespeak manufacture realities and cybersecurity champion practices.”

This was echoed by US tech institution Amazon which said that nan voluntary certification frameworks should beryllium “based purely connected method criteria”.

“We powerfully judge that introducing non-technical factors could undermine nan framework's effectiveness and create unnecessary barriers to innovation,” it added.

Global user electronics institution Lenovo, besides warned against introducing non-technical criteria “such arsenic vendor nationality, ownership, aliases office location—in cybersecurity consequence assessments aliases certification schemes.” 

“These measures consequence undermining EU principles of non-discrimination, marketplace access, adjacent competition, and proportionality, while offering small use to existent cybersecurity outcomes,” it said. 

There person been calls and plans from nan Commission to summation nan bloc’s independency of suppliers from extracurricular nan EU. In nan upcoming Cloud and AI Development Act, for example, nan Commission plans to fortify nan EU’s position successful nan industry. 

In nan European Parliament lawmakers are besides calling for measures to boost technological sovereignty and guarantee nan bloc’s independency and information by protecting its strategical infrastructure and reducing dependence connected non-European exertion providers.

ENISA mandate

The Commission began seeking feedback from manufacture and nationalist governments connected nan functioning and scope of activity of ENISA past year, arsenic reported, in a bid to modify nan agency’s instruction and financial support. 

There seems to beryllium support to summation its backing among nan participants to nan consultation. For example, Eco, a German relation for nan net industry, said that nan agency hadn't grown successful position of unit contempt its expanded remit.

“Given nan existent geopolitical information challenges and nan standard of world cyber threats, its financial resources stay constricted compared to different EU bodies. [...] It is important to boost ENISA’s domiciled arsenic nan independent master connected European Cybersecurity. In bid to run independently and pull basal resources, staff, and experts to nan use of its mandate, ENISA has to leverage its nationalist opinionated among nan world community,” nan publication said.

Henna Virkkunen, nan EU Commissioner for technology, said earlier this twelvemonth that she will transportation retired a alleged Digital Fitness Check – expected earlier nan extremity of 2025 -- which will measure whether each existing tech rules are burdensome to companies, and place areas for simplification. The CSA is expected to beryllium portion of that.