{"id":180523,"date":"2026-01-22T05:21:00","date_gmt":"2026-01-22T10:21:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/22\/eu-cybersecurity-act-reforms-spark-backlash-but-supporters-say-supply-chain-resilience-hangs-in-the-balance\/"},"modified":"2026-01-22T05:50:09","modified_gmt":"2026-01-22T10:50:09","slug":"eu-cybersecurity-act-reforms-spark-backlash-but-supporters-say-supply-chain-resilience-hangs-in-the-balance","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/22\/eu-cybersecurity-act-reforms-spark-backlash-but-supporters-say-supply-chain-resilience-hangs-in-the-balance\/","title":{"rendered":"EU Cybersecurity Act reforms spark backlash, but supporters say supply chain resilience hangs in the balance"},"content":{"rendered":"

EU Cybersecurity Act reforms spark backlash, but supporters say supply chain resilience hangs in the balance<\/a><\/p>\n

https:\/\/capacityglobal.com\/news\/eu-cybersecurity-act-sparks-backlash\/<\/a><\/p>\n

Publish Date: 2026-01-22 05:21:00<\/a><\/p>\n

Source Domain: capacityglobal.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. As digital rights groups warn of risks to net neutrality and regulatory overreach, while cybersecurity experts argue the update is critical to strengthening Europe\u2019s fragmented supply chains.
\nUnveiled earlier this month, the reforms are designed to boost cybersecurity capabilities, improve resilience and prevent fragmentation across the EU\u2019s digital single market.
\nThe Commission has framed the proposals as a response to mounting geopolitical tensions, rising cyber threats and growing interdependence across digital infrastructure.
\nBut critics argue the package goes far beyond cybersecurity, potentially reshaping how Europe\u2019s internet, interconnection and regulatory frameworks operate.
\nCivil society group epicenter.works has emerged as one of the most vocal opponents, warning that the reforms could weaken long-standing net neutrality protections and concentrate excessive power within the European Commission. The organisation says the proposals risk reopening debates settled more than a decade ago, when net neutrality rules were enshrined in EU law to ensure equal treatment of internet traffic.
\n\u201cWe are deeply disappointed by this proposal from Commissioner Henna Virkkunen,\u201d said Thomas Lohninger of epicenter.works. \u201cIt would have been the opportunity of her term to show independence from the telecom industry and propose a balanced reform. Instead, citizens now have to defend net neutrality protections enshrined in EU law a decade ago.\u201d
\nA central concern is the Commission\u2019s expanded role under the revised framework. Critics point to provisions that would give the Commission a seat in confidential working groups traditionally led by independent national regulators, as well as the power to propose rules related to paid prioritisation, often described as \u201cfast lanes\u201d that could conflict with existing regulatory guidance.
\nLohninger described the move as a \u201cpower grab\u201d, warning it risks blurring the boundary between political oversight and independent regulation. He also criticised the proposals for introducing new bureaucracy at a time when the Commission has pledged deregulation and simplification.
\n\u201cIn a mandate that is driven by deregulation and simplification, the Commission proposes new regulation with an extensive bureaucracy for the interconnection market,\u201d he said. \u201cAccording to EU\u2019s top telecom regulators this market works well and needed no regulation.\u201d
\nThe interconnection market has long been a sensitive area of European telecoms policy, sitting at the intersection of network investment, competition and internet openness. Regulators have historically taken a light-touch approach, arguing that commercial agreements between operators, content providers and cloud platforms have delivered efficient outcomes without heavy-handed oversight.
\nCritics now warn that new rules could upset that balance, creating barriers within the single market and making it harder for companies, particularly smaller digital service providers, to reach users across Europe on equal terms.
\n\u201cThis could even create new barriers within the single market, making it harder for companies to offer online services to all Europeans,\u201d Lohninger said.
\nHowever, others argue the proposed update addresses long-standing weaknesses in how cybersecurity and supply chain risk are managed across the bloc.
\nKatharina Sommer, hroup head of government affairs at NCC Group, said the reform is an important step towards tackling fragmentation, one of the biggest practical challenges in securing digital supply chains.
\nShe said the proposals align requirements for organisations covered by NIS2 with expectations placed on their suppliers, while also seeking to harmonise obligations across the Cyber Resilience Act and EU-wide certification schemes.
\n\u201cThis will help organisations better understand their obligations and focus their resources on managing real risk rather than navigating overlapping requirements,\u201d Sommer said. \u201cThe update will build trust and raise the baseline level of security across Europe\u2019s digital ecosystem.\u201d
\nAccording to Sommer, the introduction of outcome-focused minimum standards and EU-wide technical criteria for supply chain security could provide a more coherent framework for managing risk. She also highlighted the importance of promised European Commission guidance on supply chain requirements, saying it offers an opportunity to clarify responsibilities and create greater consistency in what organisations ask of their suppliers.
\nCrucially, Sommer argued the update reflects a broader understanding that cyber risk cannot be treated in isolation.
\n\u201cRecent incidents have shown how supplier failure, concentration risk and operational dependencies can create systemic disruption, even where cyber security controls are strong,\u201d she said, adding that closer alignment with wider digital resilience frameworks, such as DORA, is essential.
\nYet even supporters of the reforms caution that stronger EU rules alone will not be enough. Sommer stressed that modern supply chains are inherently cross-border, with cyber incidents frequently spanning multiple jurisdictions.
\n\u201cWithout close cross-border cooperation, regulatory improvements risk being undermined by misaligned standards, weaker incident response and gaps in preparedness and skills,\u201d she said, pointing to the importance of collaboration with partners such as the UK.
\nThe contrasting reactions underline the complexity facing EU policymakers as they attempt to strengthen cybersecurity while preserving openness, competition and regulatory balance.
\nIndustry groups, including the GSMA, have already warned that aspects of the reforms could increase costs and divert investment from network upgrades, while technology vendors have raised concerns about parallel EU efforts to restrict so-called high-risk suppliers.
\nAs the proposed revisions move through the European Parliament and EU member states, amendments are expected and the final shape of the legislation remains uncertain.
\nRELATED STORIES
\nGSMA warns EU Cybersecurity Act revisions could slow network upgrades
\nEU overhauls EuroHPC to power AI gigafactories and quantum build-out<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

EU Cybersecurity Act reforms spark backlash, but supporters say supply chain resilience hangs in the…<\/p>\n","protected":false},"author":1,"featured_media":180524,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/capacityglobal.com\/wp-content\/uploads\/2026\/01\/EU-.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24],"class_list":["post-180523","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180523"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=180523"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180523\/revisions"}],"predecessor-version":[{"id":180525,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180523\/revisions\/180525"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/180524"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=180523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=180523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=180523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}