CEN and CENELEC’s Position on the ‘Cybersecurity Act’ 

CEN and CENELEC welcome the proposal made by the European Commission for a ‘Cybersecurity Act’ [COM (2017) 477] as part of its cybersecurity strategy to address the current fragmentation in the European market. In this respect, we are providing input to the ongoing discussions in the European Parliament, Council of the European Union and European Economic and Social Committee to ensure a coherent European approach to cybersecurity.

The CEN and CENELEC recommendations are to:

  • Define what is meant by the ‘ICT products and services’ covered by the proposal, and invite the EC to formally engage with the European Standardisation Organisations (ESOs) to establish a priority list of products, services and digital competences and qualifications so that standardization can timely accompany market needs.
  • Invite the formally recognized national, European and international standardization organizations to define the requirements and standards to be used in the certification schemes, giving priority to international standards.
  • Apply the process of the New Legislative Framework, which provides a clear separation between legislation, standards and conformity assessment, and avoids creating a new practice which would cause confusion in the market place.
  • Revise the technical details included within the security objectives as well as the assurance level sections, in order to make them fully applicable to real use cases and coherent with modern best practices.

We invite you to read the full CEN and CENELEC’s position paper. If you are interested to learn more about standardization for cybersecurity and discuss the CEN and CENELEC position to the draft regulation, please contact Andreea Gulacsi.

Read the CEN and CENELEC position paper (pdf format).