The European Telecommunications Standards Institute (ETSI) has outlined its strategic response to the European Commission’s Cybersecurity Act 2 proposal, integrating key takeaways from the recently concluded 10th Cybersecurity Standardisation Conference.
As regulatory pressure increases across the European Union, standard-setting bodies are prioritizing resilience, transparency, and unified frameworks for digital infrastructure, specifically anticipating next-generation rollouts like 6G and heavily interconnected IoT ecosystems. The focus remains heavily on building certification schemes that ensure trustworthiness and privacy by design.
What is the Cybersecurity Act 2?
The proposed updates to the EU Cybersecurity Act aim to introduce more comprehensive European cybersecurity certification schemes for “managed security services.” This expansion is designed to foster a trusted environment where businesses and citizens can rely on certified external security providers, thus hardening the region’s collective defense against systemic threats.
How to check if you’re affected
Affected Scope: This policy impacts managed security service providers (MSSPs) and enterprise telecommunications equipment vendors operating within the European Union. There are no specific consumer affected models or versions.
- For Enterprise Security Teams: Review your current managed security service providers (MSSPs). Ask if they are tracking the EU’s evolving certification schemes and preparing for compliance.
- For Technology Vendors: Monitor ETSI’s upcoming draft standards for product security, particularly if you operate in the 5G/6G, IoT, or telecommunications sectors within the EU market.
- For Everyday Users: While this is an enterprise-level policy shift, the downstream effect will be more robust privacy protections and security standards for the devices and services you use daily. No immediate action is required.