BRUSSELS — The Business Software Alliance (BSA) today welcomed the European Commission’s launch of the review of the EU Cybersecurity Act, underscoring the importance of keeping EU cybersecurity certification focused on technical, risk-based security requirements.

As cyber threats continue to evolve, the review presents an important opportunity to strengthen EU cybersecurity certification schemes by improving their efficiency, governance, and uptake across the Single Market. BSA supports efforts to ensure that certification remains technically grounded and delivers real, measurable cybersecurity outcomes in practice.

“The Cybersecurity Act review is an important opportunity to ensure that EU cybersecurity certification remains focused on technical, risk-based requirements that genuinely strengthen security,” said Hadrien Valembois, Director, Policy – EMEA at BSA. “A streamlined and predictable certification framework is essential for improving uptake across the Single Market and delivering real-world cybersecurity outcomes.”

BSA also welcomes steps to reinforce the role of the EU Agency for Cybersecurity (ENISA), including updates to its mandate and resources, where these measures support effective implementation, coordination, and practical guidance.

In addition, BSA sees value in increased stakeholder participation in the Certification process “in a timely manner” and through “a formal, open, transparent and inclusive consultation process", as close engagement with industry is essential to developing certification schemes that are workable, scalable, and responsive to real-world security needs.

BSA remains committed to working constructively with the European institutions and stakeholders to support effective cybersecurity policy that strengthens security while enabling innovation and competitiveness in Europe.