The Information Technology Industry Council (ITI) has submitted comprehensive recommendations to the European Commission on the revision of the EU Cybersecurity Act.

A representative body of global tech companies, and advocates for policies that advance innovation, security, and economic growth, ITI has submitted a set of strategic recommendations to the European Commission, calling for a stronger ENISA, more effective certification schemes, and streamlined, risk-based cybersecurity rules.

In its submission, ITI urges the EU to:

• Empower ENISA with the resources and mandate to drive harmonized cybersecurity practices across Member States
• Improve the development of cybersecurity certification schemes by enhancing transparency and stakeholder involvement
• Simplify the cybersecurity acquis by harmonizing overlapping requirements under NIS2, DORA, and the Cyber Resilience Act
• Promote secure and resilient supply chains without restricting access to trusted global technologies. 

ITI’s proposals aim to strike a balance between high security standards and operational practicality, enabling technology providers to focus on what matters most: protecting Europe’s digital infrastructure and its citizens.

Guido Lobrano, ITI’s senior vice president for Europe, said that by ensuring that the agency is well-equipped and streamlining cybersecurity requirements, “we can enhance both resilience and competitiveness.”

The Cybersecurity Act review is a key opportunity to reinforce what works and reform what doesn’t.” said ITI’s policy manager for EU Cybersecurity, Laura Wiesenfeld.

“Through our contribution and direct engagement with ENISA, we’re encouraging a review that strengthens ENISA’s capacity, improves the development of cybersecurity certifications, simplifies the EU cybersecurity acquis, and ensures the overall framework remains globally aligned and risk-based.”  

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.