The European Commission has proposed a new set of cybersecurity measures aimed at strengthening the European Union’s resilience against growing digital threats.

As more activity shifts online, Europe continues to face daily cyber and hybrid attacks targeting essential services and democratic institutions, prompting regulators to reinforce the region’s cyber defenses.

A key element of the proposal is a revision of the 2019 EU Cybersecurity Act, which governs EU-wide cybersecurity certification for digital products, services, and processes.

The updated framework seeks to improve the security of information and communication technology supply chains by reducing reliance on third-country suppliers that pose potential cybersecurity risks. It also aims to ensure that digital products and services used by EU citizens undergo more effective security testing through clearer rules and simplified certification procedures.

Beyond the legislative revision, the Commission has outlined additional steps to ease regulatory compliance for businesses by simplifying jurisdictional requirements and streamlining ransomware incident data collection.

The proposals also call for strengthening the EU Agency for Cybersecurity (ENISA) to enhance its ability to help member states anticipate, prepare for, and respond to shared cyber threats.

The proposed measures will now be reviewed by the European Parliament and the Council of the EU. If approved, they would be implemented across all EU member states.