Cybersecurity Act applies false instruments


–  ZVEI and VDMA call for European approach to cyber security
–  EU proposal for third-party certification criticised as pseudo-solution

Industry associations ZVEI and VDMA say European industry needs a common framework for cybersecurity, however the proposed Cybersecurity Act, on which the Committee on Industry, Research and Energy of the European Parliament voted on 10 July, falls wide of the mark. In their view, the draft takes no account of existing procedures for product regulation, and the proposed certification will not help to protect against cyber-attacks in Europe, creating unnecessary extra burden for SMEs instead.
The two industrial associations are calling for greater consideration to be given to existing mechanisms and rules of procedure for product regulation and standardisation. Europe-wide standards, combined with a self-declaration by the manufacturers, would be a more effective way of ensuring a minimum of cybersecurity in Europe. ZVEI and VDMA agree on the result that the Cybersecurity Act in its present form can only be an interim measure.

“The Cybersecurity Act can certainly help to harmonise existing certification in information and communications technology, but it will not make the certified products any safer per se,” says Dr Klaus Mittelbach, CEO of ZVEI. “Responsibility and transparency on the part of the manufacturer need to be bolstered, rather than relying on complex and time-consuming certification.” He also stresses the importance of a common European approach: “Cybersecurity is indispensable if a European Digital Union is to be put in place.”

Thilo Brodtmann, CEO of VDMA, criticises the option of introducing mandatory third-party certification for cybersecurity: “Third-party certification costs companies a lot of money, but hardly adds anything in terms of improved cybersecurity. What is considered secure today could be out of date by tomorrow, so we need dynamic processes, not certification by third parties.” At the same time, Brodtmann emphasises that the subject of cybersecurity needs to be driven further forward at a European level: “No-one in the industry wants a patchwork of 28 national solutions.”

Press contact VDMA: Holger Paul, Phone + 49 69 6603-1922, Email: holger.paul(at)

Press contact ZVEI: F. Rainer Bechtold, Phone +49 69 6302-255, Email: bechtold(at)