Cybersecurity Act

Key points

The EESC:

• welcomes the revision of the Cybersecurity Act and updates to the NIS 2 Directive, stressing that cybersecurity must be treated as a core issue of economic security and geopolitical resilience, while simplifying rules and reducing administrative burdens for businesses;
• walls for a stronger and better-resourced ENISA, with a clear, consolidated mandate and sufficient funding and staff to effectively deliver its expanded responsibilities, including in skills development and certification;
• highlights the critical role of workforce skills and training in cybersecurity resilience, supporting EU-wide skills frameworks and certification schemes, while ensuring they remain practical, coordinated and accessible across Member States;
• highlights the growing importance of cybersecurity for democratic resilience, urging enhanced EU coordination to protect elections and critical infrastructure from cyberattacks, disinformation and foreign interference;
• supports a streamlined and effective certification framework, based on a “certify once, certify everywhere” approach, ensuring legal clarity, transparency and proportionality, particularly for SMEs and cross-border operators;
• urges a balanced approach to ICT supply-chain security, with transparent, risk-based measures and full assessment of economic, operational and social impacts, while avoiding excessive compliance burdens and ensuring strong involvement of social partners and stakeholders.

Experts hearing

On 3 March 2026, the INT Section meeting hosted an expert hearing on a Proposal for a revised Cybersecurity Act and targeted amendments to the NIS2 Directive as part of the new Cybersecurity Package published by the European Commission the 20 January 2026. In light of increasing geopolitical tensions, the European Commission recognizes the need to strengthen the EU's cybersecurity rules. Read the highlights

For more information, please contact INT secretariat.