Skip to main content

Like many websites, BSA’s websites use cookies to ensure the efficient functioning of those websites and give our users the best possible experience. You can learn more about how we use cookies, and how you can change your browser's cookie settings, in our cookies statement. By continuing to use this site without changing your cookie settings, you consent to our use of cookies.



Software Industry Supports EP's Approach on the EU Cybersecurity Act and Calls for Less Static Legislation

Brussels, 10 July 2018 – BSA | The Software Alliance welcomes today’s adoption of the European Parliament Committee on Industry, Research and Energy (“ITRE”) report on the draft EU Cybersecurity Act Regulation. The ITRE Committee report succeeds in aligning the proposals more closely to the way cybersecurity certification works in today’s marketplace and – at the same time - introduces additional flexibility necessary to adapt the draft Regulation to future trends and cyber threats.

“We see some important edits in the European Commission’s proposal by the European Parliament today. Reinforcing the voluntary nature of certification schemes, asking the European Commission to set a clear roadmap for the development of future market-based schemes and, increasing the role of industry stakeholders in scheme creation are three good examples of how well the European Parliament understands certain aspects of cybersecurity certification. However, there is still room for improvement. Today’s marketplace requires fewer fixed assurance levels and rigid technical requirements” said Thomas Boué, Director General, Policy – EMEA.

BSA calls on the European Parliament to take a more flexible approach during the upcoming trilogue negotiations with the European Commission and the Council of the EU with a particular focus on the following: 1) Re-consider the rigid assurance levels that do not reflect the manner in which certification is handled in the marketplace today. Assurance levels should be defined on a scheme by scheme basis; 2) Avoid the inclusion of specific technical requirements that must be achieved by each scheme; consider referencing high level security principles in line with existing EU legislation. Specific requirements should not be laid down in static legislation as they are not flexible for all types of products and services.


BSA | The Software Alliance (www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that help businesses of all sizes in every part of the economy to modernize and grow.

With headquarters in Washington, DC, and operations in more than 30 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.


Michael O’Brien

For Media Inquiries


Media Inquiries


Media Inquiries


Media Inquiries