Why harmonisation, interoperability and resilience should be the focus of the revised EU Cybersecurity Act
Publish Date: 2026-01-24 02:53:00
Source Domain: www.cybersecurity-insiders.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
As Brussels prepares to present the revised EU Cybersecurity Act, it has a rare opportunity to strengthen the foundations, creating a more ambitious piece of legislation that focuses on fostering interoperability in order to improve resilience across the EU. The cybersecurity industry has undergone enormous change since the Act was issued in 2019. The wide availability of generative AI and subsequent rise in agentic AI has meant bad actors are now unearthing infinitely more inventive ways of launching attacks and breaching defences.
Alongside the diversification of attack vectors, the sheer pace of change within the technology industry and increasing digitization across all sectors means that creating up-to-date cybersecurity regulation is becoming even more difficult. It’s for this reason that any revision of the EU Cybersecurity Act should focus on equipping the bloc with the means to navigate and implement cybersecurity rules and certification frameworks effectively across EU27, that aligns with international frameworks, enhances public-private collaboration and market uptake.
While the initial EU Cybersecurity Act was a welcome piece of regulation and has undoubtedly elevated the EU’s cybersecurity posture, more can be done to drive resilience if we work together. Currently, we have several cybersecurity regulations that are being implemented at a different pace, states of maturity, and some of them in at least 27 different ways across the EU member states. Local amendments combined with a lack of harmonised definitions and reporting requirements are having the opposite impact on cybersecurity resilience that the EU cyber acquis intended. The European Union is currently rolling out the Digital Omnibus which aims to align the various incident reporting requirements set under the many existing legislations. In order to fully achieve this objective, the co-legislators should ensure that ENISA’s revised mandate aligns with its new obligations set under NIS2 and the Cyber Resilience Act.
As a first step to solving this issue of fragmentation, ENISA must be granted a significant increase in resources and funding that is commensurate with the mission that we’re asking it to fulfil. Adequately resourced, ENISA would be able to work more closely with national cybersecurity agencies to effectively develop robust, cross-border frameworks and deliver unified standards and guidelines with the urgency that our threat environment demands. Beyond coordination, ENISA’s role in monitoring the threat landscape and providing central intelligence should be significantly enhanced in the revision to ensure organizations stay ahead of emerging risks.
Finally, the Cybersecurity Act review should focus on streamlining the development of new ICT certification schemes, which has proven to be a complex process over the past few years, with only one adopted EU scheme so far. Supporting a framework that fosters expert-led stakeholder input into the development of the technical criteria could be a critical component for the faster,and more scalable adoption and deployment of such schemes.
Ultimately, any revision to the EU Cybersecurity Act should look to tackle the issues of fragmentation and isolation by empowering harmonization and collaboration. Threat actors are not going to sit by idly and ENISA must be given the ability to act as the unifying force that drives cross-border threat intelligence, establishing a baseline of common practices to be adopted across the region.
Join our LinkedIn group Information Security Community!
