EU Cybersecurity Strategy can fuel Europe’s ambition to become a global digital leader

MEPs Eva Kaili, Rasmus Andresen and Evžen Tošenovský provide their views on the current legislative situation ahead of the European Parliament’s adoption of the NIS2 Directive
Adobe stock

Setting norms and standards

Make the EU a cybersecurity leader, says Eva Kaili.

In our interconnected world, sophisticated cyberattacks transcend borders. Therefore, we need action at European level to improve our collective cybersecurity and resilience. As the digital world evolves, the threat landscape continues to expand. Cybersecurity and cyber resilience must be top priorities for the EU, to protect governments, businesses and citizens from evolving threats. 

The EU Cybersecurity Strategy is a brave step in ensuring the security, trustworthiness, and reliability of digital infrastructure, products, and services. The NIS2 Directive, a main component of the new Strategy, aims to elevate the level of cybersecurity for entities in critical sectors of the EU economy and society by categorising entities as ‘essential’ and ‘important’, expanding the range of sectors of the covered by the Directive, establishing harmonised risk management measures and reporting obligations for economic players.

The COVID-19 pandemic has shown this to be particularly important, as the security of personal data and of e-Health infrastructure became critical. The NIS2 Directive establishes supervision and enforcement requirements, ushering a precautionary principle of cybersecurity by design for European entities. 

We design legislation that makes Europe capable of protecting and defending itself against evolving cyberthreats. The EU Cybersecurity Strategy can become a global blueprint and fuel Europe’s ambition to become a global digital leader with a strong voice at the international level by setting norms and standards to elevate the level of cybersecurity. 

Eva Kaili (S&D, EL) is shadow rapporteur on the Proposal for a directive on measures for a high common level of cybersecurity across the Union (NIS2)

Security through transparency

Invest in cybersecurity now, says Rasmus Andresen.

Virtually every day, we hear news of cyberattacks on state institutions, large companies or critical infrastructure. In these times, when so many of our daily activities and even political negotiations take place online, we need to ‘up our game’ to ensure secure connectivity and information exchanges across the entire European Union.

Digital information exchanges do not observe national borders and neither do cyberattacks. With our heavily interconnected societies, we are always as vulnerable as our weakest link. Therefore, it is in our common European interest to collectively invest more in cybersecurity research and strive for a higher common level of cybersecurity throughout the EU.

With the revised Network and Information Security Directive (NIS2) and the Cybersecurity Competence Centre - for which I was the rapporteur - we are taking important steps in that direction. By funding and encouraging the use of open-source software in particular, we can make sure that IT products can be independently checked, fixed and advanced. Security through transparency should be our guiding principle.

Governments also need to make sure that they do not become part of the problem, by weakening end-to-end encryption in pursuit of building in back doors for their law enforcement units. 

Rasmus Andresen (Greens/EFA, DE) is shadow rapporteur on the Proposal for a directive on measures for a high common level of cybersecurity across the Union (NIS2)

The EU is now taking cybersecurity seriously

Cybersecurity essential in all domains says Evžen Tošenovský.

I am glad to see that in recent years the European Union has started to take cybersecurity seriously. In my opinion, the game changer was the Cybersecurity Act with its permanent mandate for The European Union Agency for Cybersecurity (ENISA) and European certification schemes. Nowadays, everyone recognises that a high level of cybersecurity is a prerequisite for the Union’s success in all domains, not merely digital. 

The European Commission seems to be on the right track with its complex Cybersecurity Strategy unveiled in 2020. On the NIS2 Directive, we are progressing well to adopting the Parliament’s position in November, earlier than the Council will. It is particularly beneficial for us to have a rapporteur - my colleague Bart Groothuis – who has practical professional experience in cybersecurity.

The 2013 NIS directive established a solid base; now, our goal should be to make the updated rules work for both in-scope businesses and national authorities. It is, for example, important that we request risk-based measures and reasonable reporting obligations from entities, that the cybersecurity bar is not lowered for electronic communications networks and services and that computer security incident response teams (CSIRT), focus on incidents with higher criticality levels.

There are a few points where I represented a minority opinion: With peer reviews, we might enter an area of sensitive information for national security; I also advocated that certification should remain voluntary. That said, I appreciate the spirit of cooperation among our European Parliament team, and I broadly support the rapporteur’s approach and agreed compromises.

Evžen Tošenovský (ECR, CZ) is shadow rapporteur on the Proposal for a directive on measures for a high common level of cybersecurity across the Union (NIS2)

Read the most recent articles written by The Parliament Magazine - The Parliament's latest print issue is out