{"id":184211,"date":"2026-02-03T15:30:00","date_gmt":"2026-02-03T20:30:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/03\/european-commission-announces-new-cybersecurity-package\/"},"modified":"2026-02-03T15:40:09","modified_gmt":"2026-02-03T20:40:09","slug":"european-commission-announces-new-cybersecurity-package","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/03\/european-commission-announces-new-cybersecurity-package\/","title":{"rendered":"European Commission Announces New Cybersecurity Package"},"content":{"rendered":"

European Commission Announces New Cybersecurity Package<\/a><\/p>\n

https:\/\/www.hunton.com\/privacy-and-information-security-law\/european-commission-announces-new-cybersecurity-package<\/a><\/p>\n

Publish Date: 2026-02-03 15:30:00<\/a><\/p>\n

Source Domain: www.hunton.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. On January 20, 2026, the European Commission proposed a comprehensive new cybersecurity package aimed at strengthening the EU\u2019s cybersecurity resilience and enhancing its capacity to manage evolving threats. The cybersecurity package proposes revisions to the EU Cybersecurity Act, the EU Directive on measures for a high common level of cybersecurity across the European Union (the \u201cNIS2 Directive\u201d), and the European Cybersecurity Certification Framework (the \u201cECCF\u201d).
\nThe proposed revisions to the Cybersecurity Act will introduce four key elements:<\/p>\n

ICT Supply Chain Security Framework: A comprehensive framework shall be established to address information and communication technologies (\u201cICT\u201d) supply chain security challenges in critical infrastructure.
\nEnhanced Cybersecurity Certification: The European cybersecurity certification framework will be streamlined and improved to increase efficiency and better respond to market needs.
\nAdministrative Simplification: New measures will be introduced to reduce administrative requirements deemed unnecessary burdens associated with implementing the NIS2 Directive.
\nReinforcement of ENISA\u2019s Role: The European Union Agency for Cybersecurity (\u201cENISA\u201d) will be strengthened. EU Member States will be required to support this enhancement by appointing two liaison officers each.<\/p>\n

Amendments to the NIS2 Directive proposed by the European Commission include:<\/p>\n

Clarified Scope and Definitions: Amendments will clarify the scope for certain sectors and entities, including healthcare, electricity, hydrogen and chemical providers, and will set clear rules for electricity producers with more than 1 MW of generation capacity.
\nNew Entity Categories: Small mid-cap enterprises will be designated as important entities, lowering compliance and supervisory burdens. Micro and small-sized Domain Name System service providers will be excluded from the scope.
\nStreamlined Risk Management: Maximum harmonisation for cybersecurity risk-management measures and incident reporting will be introduced, supported by European certification schemes to facilitate cross-border compliance.
\nDigital Identity & Wallets: Providers of European Digital Identity and Business Wallets will be classified as essential entities and will be subject to cybersecurity obligations regardless of size.
\nSupply Chain Security: The Commission will develop guidelines to harmonize and simplify information requests for supply chain security, reducing duplicative administrative burdens.
\nRansomware Reporting: Rules for reporting information regarding ransomware attacks will be introduced. In the event of a ransomware attack, certain entities will be required to report sensitive information (such as whether the entity has paid a ransom and, if so, what amount and to whom) to computer security incident response teams (\u201cCSIRTs\u201d) and national authorities.\u00a0 The intention is to enable CSIRTs and national authorities to, amongst other things, compile the intelligence and evidence that law enforcement agencies need to disrupt and dismantle ransomware gangs and sanction their operatives.
\nEnhanced Cross-Border Supervision: ENISA will support risk analysis and joint supervisory actions for essential and important entities operating across multiple Member States.<\/p>\n

The updated ECCF will feature three main changes:<\/p>\n

Expanded and Clarified Scope: The ECCF will be broadened for greater legal certainty and market relevance. Entities will be able to certify ICT products, services, managed security services and their overall cyber posture, supporting compliance and presumed conformity with NIS2 and other EU laws.
\nDefined Timelines and Improved Governance: The ECCF will introduce clear deadlines and deliverables, supported by a more efficient and effective governance model. ENISA, as the scheme manager, will be responsible for maintaining certification schemes and must develop candidate schemes within one year of a European Commission request, as a general rule.
\nHarmonized Compliance Tools: Certification schemes will serve as practical compliance tools for businesses, fully aligned with existing EU cybersecurity legislation.<\/p>\n

The package is to be presented to the European Parliament and European Council for approval.\u00a0 Once approved, the revised Cybersecurity Act will be applicable immediately, and Member States will have one year to transpose the updated NIS2 Directive into national law.
\nRead the press release\u00a0here. Read the revised Cybersecurity Act\u00a0here. Read the proposed NIS2 amendments\u00a0here.
<\/p>\n","protected":false},"excerpt":{"rendered":"

European Commission Announces New Cybersecurity Package https:\/\/www.hunton.com\/privacy-and-information-security-law\/european-commission-announces-new-cybersecurity-package Publish Date: 2026-02-03 15:30:00 Source Domain: www.hunton.com Author:…<\/p>\n","protected":false},"author":1,"featured_media":184212,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.hunton.com\/privacy-and-information-security-law\/assets\/images-t1770150472\/206510.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[33,24],"class_list":["post-184211","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-computer-security","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/184211"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=184211"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/184211\/revisions"}],"predecessor-version":[{"id":184213,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/184211\/revisions\/184213"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/184212"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=184211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=184211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=184211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}