For flexible and market relevant cybersecurity compliance and certification schemes - Orgalime comments on the Commission proposal for a Regulation on a “Cybersecurity Act” (COM(2017) 477 final)

Published:
8 February, 2018
Policies and Issues:
Digitisation, Industrial Policy

On 13 September 2017, the European Commission presented a series of policy and legislative initiatives aiming at completing and reinforcing the cybersecurity pillar of the Digital Single Market.

It is of critical interest to our industry to provide its customers with increasingly interconnected and smart products and services that are safe and secure. Cybersecurity is a prerequisite for the functioning of the Digital Single Market and a fast-moving target, which cannot be addressed by a one-size-fits-all solution. Our industry is committed to providing customers with the highest level of protection possible against any cyber-attack or unauthorized harmful manipulation or destruction of data. Orgalime is committed to enhancing Europe’s cybersecurity capacity and to nurturing trust in ICT products and services. The Commission proposal for a Regulation on ENISA, the "EU Cybersecurity Agency", and on Information and Communication Technology cybersecurity certification ("Cybersecurity Act") is a first step towards a safer and more secure European Digital Single Market.

However, we are concerned that the current draft proposal for a regulation and the regulatory format of a European Cybersecurity Certification Framework (ECCF) fundamentally depart from the robust experience of European harmonisation legislation for products introduced by the New Approach to technical harmonisation and codified in a “New Legislative Framework” (NLF) in 2008. Orgalime underlines the importance and relevance of NLF principles when it comes to legislation applying to the placing of products on the market. These are based on international and European standards, flexible adaptation of product requirements via standardisation procedures, and well-established and widely accepted conformity assessment procedures (including the manufacturer’s self-declaration of conformity and third-party certification). Such a well-established system strives for broad acceptance by users and providers, safeguarding a level playing field within the market for domestic manufacturers and importers, and finally an adequate and effective enforcement.

Finally, static schemes do not necessarily offer the preferred approach to cybersecurity. Therefore, a sectoral approach that takes into consideration the different exposure levels, threats and security architectures of individual economic sectors is necessary, as a one-size-fits-all approach will not be appropriate to promote cybersecurity.

Download to read our position in full.

Responsible:
Pierre Lucas
Position:
Manager
Responsible:
Gerrit Steinfort
Position:
Adviser
