The revision of the EU Cybersecurity Act aims to strengthen ENISA, further develop the European framework for cybersecurity certification, and enhance the security of ICT supply chains. In particular, ENISA should be strengthened as a central operational coordination body and platform for uniform reporting structures, while the EUCF must make certifications more transparent, faster, and voluntary to use, without creating new parallel verification and audit requirements. The planned regulations on ICT supply chains require a clear, risk-based, and proportionate approach. Measures targeting suppliers or specific third countries must be based on comprehensible criteria and transparent procedures. Therefore, legally sound decision-making processes, realistic transition periods, the involvement of affected industries, and close coordination with existing European and national security requirements are essential.
