Cybersecurity Act 2: Do Not Sacrifice Competitiveness

Cybersecurity is a key prerequisite for Europe’s economic strength and technological sovereignty. With its proposal for the Cybersecurity Act 2, the European Commission is pursuing the right objective: security requirements should become more effective, more coherent and less complex.

The key now is to achieve this goal in practice. Companies in the electrical and digital industries are already faced with a multitude of parallel cybersecurity requirements. Additional bureaucracy ties up scarce skilled workers, hinders investment and weakens innovative capacity. Greater security is not achieved through new compliance obligations, but through clear, risk-based and internationally compatible rules.

The ZVEI therefore calls for:

• Limit supply chain requirements specifically to particularly critical sectors
• Define high-risk suppliers in a legally sound and pragmatic manner
• Impose bans only where robust alternatives are actually available
• Make greater use of existing international standards
• Avoid parallel certification systems

A stronger role for ENISA can make an important contribution – but this must not entail additional costs for industry.

Cybersecurity is a task for society as a whole. Anyone wishing to strengthen Europe’s resilience must also consider the competitiveness of its industrial base. The Cybersecurity Act 2 should therefore provide relief rather than creating new uncertainties and costs.

The ZVEI position paper on the Cybersecurity Act 2 is available for download here.