{"id":241279,"date":"2026-07-08T04:08:00","date_gmt":"2026-07-08T08:08:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/08\/position-paper-proposal-for-a-cybersecurity-act-2-acea\/"},"modified":"2026-07-08T05:50:09","modified_gmt":"2026-07-08T09:50:09","slug":"position-paper-proposal-for-a-cybersecurity-act-2-acea","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/08\/position-paper-proposal-for-a-cybersecurity-act-2-acea\/","title":{"rendered":"Position paper \u2013 Proposal for a Cybersecurity Act 2 &#8211; ACEA"},"content":{"rendered":"<p><a href=\"https:\/\/www.acea.auto\/publication\/position-paper-proposal-for-a-cybersecurity-act-2\/\">Position paper \u2013 Proposal for a Cybersecurity Act 2 &#8211; ACEA<\/a><\/p>\n<p><a href=\"https:\/\/www.acea.auto\/publication\/position-paper-proposal-for-a-cybersecurity-act-2\/\">https:\/\/www.acea.auto\/publication\/position-paper-proposal-for-a-cybersecurity-act-2\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-08 04:08:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.acea.auto\">www.acea.auto<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>As vehicles become increasingly connected, software-defined products, cybersecurity has become essential for safety, consumer trust, and the functioning of the mobility ecosystem. European vehicle manufacturers have invested heavily in robust cybersecurity systems and therefore support the overall objective of the Cybersecurity Act to strengthen ICT supply chain security in response to growing digital risks.<\/p>\n<p>However, the proposed Trusted ICT Supply Chain framework raises several important concerns:\u00a0<\/p>\n<p>Uneven playing field: the framework applies only to EU manufacturers, creating a competitive disadvantage and a security gap. Extending it to non-EU manufacturers would be difficult, if not impossible, to verify and enforce, resulting in weaker enforcement and therefore leading to the same outcome.\u00a0<\/p>\n<p>Interference with existing product legislation: vehicle\u00a0cybersecurity\u00a0is already comprehensively regulated, and shifting from regulating companies to regulating products could create overlaps and inconsistencies with existing legislation. Additionally, without limitation to companies\u2019 core activities, the framework could bring into scope secondary activities that are not systemically relevant from a\u00a0cybersecurity\u00a0perspective.<\/p>\n<p>Unjustified exclusion of legitimate suppliers: suppliers could effectively be considered high-risk based only on their country of origin, without sufficient consideration of existing safeguards and mitigation measures. This approach risks creating unnecessary legal, commercial, and reputational harm while reducing the assessment to a largely geopolitical exercise, rather than an objective, evidence-based evaluation.\u00a0<\/p>\n<p>Insufficient governance safeguards: The proposal gives the Commission broad discretion to impose measures ranging from risk mitigation requirements to prohibition. It fails to require clear, graduated and evidence-based assessment demonstrating less restrictive measures have failed before imposing prohibition.\u00a0<\/p>\n<p>ACEA therefore recommends:<\/p>\n<p>A more targeted scope:<\/p>\n<p>Exempt entities carrying out manufacturing activities: manufacturers should only be regulated through existing product-based sectoral instruments\u00a0<\/p>\n<p>Focus on an entity-based approach (entities carrying out activities listed in NIS 2 Directive), while products should only be regulated by existing legislation on product safety and cybersecurity.\u00a0<\/p>\n<p>Limit the framework to companies\u2019 core activities, excluding non-systemically relevant ancillary activities.\u00a0<\/p>\n<p>A technically robust, risk-based approach:<\/p>\n<p>Require verification by competent authorities of the effective risk and existing mitigation measures implemented by a supplier, prior to any formal designation as high-risk.\u00a0<\/p>\n<p>Ensure prohibition measures remain last resort, only after mitigation measures have proven insufficient, a minimum of 36 months after their implementation by the supplier.\u00a0<\/p>\n<p>Require that the Commission rely on competent European standardisation organisations to develop risk-proportionate ICT supply chain management measures.\u00a0<\/p>\n<p>Ensure meaningful and continuous industry experts\u2019 involvement throughout the risk assessment process.<\/p>\n<p>\t\t\tAs vehicles become increasingly connected, software-defined products, cybersecurity has become essential for safety, consumer trust, and the functioning of the mobility ecosystem. European vehicle manufacturers have invested heavily in robust cybersecurity systems and therefore support the overall objective of the Cybersecurity Act to strengthen ICT supply chain security in response to growing digital risks. <\/p>\n<p>Downloads<\/p>\n<p>Copyright notice<\/p>\n<p>Reproduction of the content of this document is not permitted without the prior written consent of ACEA. Whenever reproduction is permitted, ACEA shall be referred to as source of the information. Quoting or referring to this document is permitted provided ACEA is referred to as the source of the information.\u00a0<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Position paper \u2013 Proposal for a Cybersecurity Act 2 &#8211; ACEA https:\/\/www.acea.auto\/publication\/position-paper-proposal-for-a-cybersecurity-act-2\/ Publish Date: 2026-07-08&#8230;<\/p>\n","protected":false},"author":1,"featured_media":241280,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.acea.auto\/files\/ACEA-Position-paper-on-Cybersecurity-Act-2-1024x576.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-241279","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241279"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=241279"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241279\/revisions"}],"predecessor-version":[{"id":241281,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241279\/revisions\/241281"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/241280"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=241279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=241279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=241279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}