
What is the EU Cybersecurity Act and what does it mean for companies based in the USA?

Over the past few weeks, we have provided an overview of the EU NIS Directive, focusing on Operators of Essential Services (OES), Digital Service Providers (DSP) and compliance structures. On 27 June, the European Cybersecurity Act entered into force, establishing the new mandate of ENISA, the EU Agency for Cybersecurity, and establishing the European Cybersecurity Certification Framework.

The cybersecurity law at a glance

The EU Cybersecurity Act gives a permanent mandate to the agency (ENISA), which has now changed its name to the EU Cybersecurity Agency, and at the same time grants it more resources and authority.

ENISA will play a key role in creating and maintaining the European cybersecurity certification framework: preparing the technical groundwork for specific certification schemes and informing the public, through a dedicated website, about certification schemes and the certificates issued.

The EU Cybersecurity Certification Framework

Certification plays a critical role in increasing confidence and security in products and services that are crucial to the EU digital market.
To express the cybersecurity risk, a certificate can refer to three assurance levels (basic, substantial, high) that are proportional to the level of risk associated with the intended use of the product, service or process, in terms of the probability and impact of an incident. For example, a high assurance level means that the certified product has passed the highest security tests.
