CECIMO and other EU associations issued a letter on the EU Cybersecurity Act

CECIMO and other associations at the European level issued a letter addressed to the European Institutions about the forthcoming Cybersecurity Act.

The industry is calling the European Parliament and Council to consider the following elements in their debate:

1. Under the current definitions, most of our industrial applications would fall under the assurance level “substantial”. This puts pressure on our industries’ products, services and processes that would have to undergo time-consuming and costly third-party certification, which would severely constraint our SMEs.
2. Furthermore, to have a pragmatic and sensible approach to cybersecurity certification, it is essential to set a transparent, flexible, inclusive and structured process, followed by an assessment of market needs or failures under the Framework. Therefore, we urge the co-legislators to take into account the system of ad-hoc consultation platforms for the elaboration and preparation of each specific candidate schemes.
3. Lastly, Europe requires a future-proof European certification framework for cybersecurity. Whether certification should be of mandatory or voluntary nature should be defined on a case-by-case basis, and during the process of preparing and elaborating a candidate scheme.