European Commission proposes new cybersecurity package

On 20 January 2026 the European Commission published its proposal for a new cybersecurity package to strengthen the EU's cybersecurity resilience and capabilities in the face of growing threats of sophisticated cyber-attacks, including undue foreign interference. Read our overview of the key points.

EU Cyber Resilience Act Seen as Catalyst for Shift-Left Security Demand

According to a recent LinkedIn post from StackHawk, the upcoming EU Cyber Resilience Act (CRA), effective December 2027, is expected to tighten requirements for sof...

EU Cyber Resilience Act Seen Driving Demand for Shift-Left Security and Compliance Tools

According to a recent LinkedIn post from StackHawk, the upcoming EU Cyber Resilience Act (CRA), effective December 2027, is expected to significantly tighten requir...

EU Cyber Resilience Act Seen as Potential Tailwind for StackHawk’s Security Testing Platform

According to a recent LinkedIn post from StackHawk, the upcoming EU Cyber Resilience Act (CRA), effective December 2027, is expected to materially change how softwa...

EU Digital Omnibus: what it means for NIS2 incident reporting

NIS2 introduces incident reporting requirements that overlap with GDPR, DORA and other laws. The EU Digital Omnibus promises to streamline these, but questions around notification timelines and liability persist.

EU Cyber Resilience Act Seen Driving Demand for Shift-Left Security Testing

According to a recent LinkedIn post from StackHawk, the upcoming EU Cyber Resilience Act (CRA), effective December 2027, is described as materially tightening requi...

EU Commission Proposes Revised Cybersecurity Act

A key component of this Package is the proposed "Cybersecurity Act 2.0," which would revise the original 2019 Cybersecurity Act (see our 2019 Alert here). In a nutshell, the new Cybersecurity Act would:

- Expand the role of the European Union Agency for Cybersecurity ("ENISA") by empowering it to issue early alerts on cyber threats and incidents, manage EU-level threat and incident repositories, operate a unified incident notification platform, support organizations in responding to and recovering from ransomware attacks, and contribute to the development of EU cybersecurity certification schemes.
- Simplify and enhance the Cybersecurity Certification Framework established under the 2019 Cybersecurity Act, which allows for the certification of information and communication technology ("ICT") products, services, and processes. While, at this stage, certification would remain voluntary for businesses, the proposal introduces three key changes: (i) expanding the scope of the certification so entities can certify their overall cybersecurity posture, creating a presumption of conformity with the NIS2 Directive and other relevant EU legislation; (ii) introducing defined procedures and timelines for the development of new certification schemes, including a default 12‑month period for ENISA to produce a candidate scheme after an EU Commission request; and (iii) aligning certification schemes more closely with EU cybersecurity regulations so businesses can use them as practical compliance tools.
- Introduce a horizontal framework to strengthen the security of ICT supply chains across critical sectors. The EU Commission would conduct EU‑level risk assessments to pinpoint ICT supply‑chain vulnerabilities, identify critical ICT assets, and assess technical and non‑technical risk factors, including potential third‑state influence. The framework provides for targeted mitigation measures, which may include restrictions or prohibitions on the use of ICT components from suppliers classified as high-risk (i.e., those based in third countries flagged by the EU Commission for cybersecurity concerns, or those that the EU Commission directly designates as posing significant non‑technical risk).

The Package will now proceed through the ordinary legislative procedure, with timing not yet specified. Further discussions and amendments are therefore expected. In the meantime, businesses should monitor the process and proactively evaluate how the Package may affect their cybersecurity governance, including by auditing their ICT supply chains.

New EU cybersecurity package: What the proposed reforms mean for companies in the EU

Although presented as a simplification exercise, the proposed NIS2 amendments would amount to a substantive recalibration. The emphasis is on legal certainty and convergence, while formally...

EU Commission Acts on Cyber-Attack to Mobile Systems

On 30 January, the European Commission's central infrastructure managing mobile devices identified traces of a cyber-attack, which may have resulted

ONEKEY: Cyber Resilience Act Enters Phase 1 – Reporting Requirements for Manufacturers Begin in 2026

Düsseldorf, 5 February 2026 – The Cyber Resilience Act will have its first direct regulatory impact in 2026. Manufacturers of digital devices, machines and systems with an internet connection will be required to comply with new reporting and security obligations. This is highlighted by ONEKEY, a Düsseldorf-based cybersecurity company that operates a platform for analyzing device firmware…

EU Commission looks to strengthen EU Cybersecurity Resilience and Capabilities

On 20 January 2026, the European Commission proposed a new cybersecurity package, aimed at strengthening the EU’s cybersecurity resilience and capabilities. The package includes a revised...

New Dual Regulatory Demands for EU Industry

Effective 2026, regulatory symbiosis in European industry! The transition from voluntary best practices to enforceable executive accountability via the integration of NIS2 operational mandates and CRA security-by-design processes.

New year, new cybersecurity package? Changes to strengthen the EU's cyber resilience (via Passle)

The European Commission has kicked off 2026 with a new cybersecurity package. It sends a clear message that the current cyber threat landscape has outgr...

MoU to strengthen vulnerability disclosure for Europe’s critical infrastructure

The European Network for Cyber Security (ENCS) and the Dutch Institute for Vulnerability Disclosure (DIVD) today announce the signing of a Memorandum of Understanding (MoU) to strengthen cooperation on vulnerability discovery, disclosure, and resolution affecting Europe’s power grids and other critical infrastructure. The MoU was signed yesterday during ENCS’ annual General Assembly meeting, held at…

Cybersecurity: SECURE call for proposals for SME cyber resilience now open

There is time until the end of March to participate in the first open call launched by the SECURE project, funded by the Digital Europe programme.

Strengthening EU cyber resilience: an overview of the new cybersecurity package

Explore the European Commission's new cybersecurity package, including Cybersecurity Act 2 and NIS2 amendments, enhancing EU cyber resilience and compliance.

EU Cyber Resilience Act (CRA) 2026 and Smart Device Security

Learn what the EU Cyber Resilience Act (CRA) 2026 means for IoT devices, why it matters to consumers, and how to protect smart homes.

Exein and Mesh Systems partner to strengthen cybersecurity

Exein announced a strategic partnership with Mesh Systems. Together, the companies will help manufacturers strengthen security at the source, starting with firmware security assurance before devices ship, while supporting readiness for EU cybersecurity regulations, including the Cyber Resilience Act (CRA) and Radio Equipment Directive (RED), as well as the US Cyber Trust Mark. Mesh Systems…

Akin Attorneys Co‑Author Cybersecurity Law Report Article on the E.U. Cyber Resilience Act

Cybersecurity Law Report has published an article titled, “What International Companies Should Do to Comply With the E.U. Cyber Resilience Act,” co‑authored by Akin cybersecurity, privacy & data protection senior counsel Rita Heimes and Jenny Arlington. The article examines the European Union’s Cyber Resilience Act (CRA), one of the most sweeping cybersecurity regulations governing digital products placed on the E.U. market. The authors outline the CRA’s broad scope, which captures most network‑connected software and hardware, and highlight the regulation’s secure‑by‑design requirements, ongoing security obligations, and significant penalties, noting that the CRA presents material operational and financial risks for international companies, particularly those offering “important” or “critical” products.

The Cyber Resilience Act: implications for the global rail industry

The EU Cyber Resilience Act (CRA) is set to reshape the rail supply chain. This webinar explores practical steps for operators and suppliers to ensure compliance, transparency and security across the asset lifecycle.

Implementing Cybersecurity in IIoT in Compliance with CRA

Cybersecurity regulations such as the Cyber Resilience Act are changing the IoT landscape. It is becoming all the more important for device manufacturers to implement functioning cryptographic measures from the outset and maintain them throughout the entire product lifecycle. An authentication chip such as the TrustMANAGER ECC608 can help here.

European Commission publishes proposal for Cybersecurity Act revision

On 20 January 2026, the European Commission published a proposal for a recast Cybersecurity Act (“CSA2 proposal”). Given the growing severity of cyberthreats, the recast aims to deliver a measurable improvement to the EU’s cybersecurity posture and ensure that supply-chain risks are effectively addressed.

EU to boost SME cybersecurity funding ahead of Cyber Resilience Act

The European Commission said a new funding scheme has been launched to help micro, small and medium-sized enterprises (MSMEs) upgrade the cybersecurity of their hardware and software products to meet upcoming changes in EU rules. The measures are part of the SECURE project and aim to support companies preparing for compliance with the EU Cyber Resilience Act (CRA), which introduces mandatory cybersecurity obligations for manufacturers across planning, design, development and maintenance phases and starts ap