Brussels, 10 July 2018 – BSA | The Software Alliance welcomes today’s adoption of the European Parliament Committee on Industry, Research and Energy (“ITRE”) report on the draft EU Cybersecurity Act Regulation. The ITRE Committee report succeeds in aligning the proposals more closely to the way cybersecurity certification works in today’s marketplace and – at the same time - introduces additional flexibility necessary to adapt the draft Regulation to future trends and cyber threats.

“We see some important edits in the European Commission’s proposal by the European Parliament today. Reinforcing the voluntary nature of certification schemes, asking the European Commission to set a clear roadmap for the development of future market-based schemes and, increasing the role of industry stakeholders in scheme creation are three good examples of how well the European Parliament understands certain aspects of cybersecurity certification. However, there is still room for improvement. Today’s marketplace requires fewer fixed assurance levels and rigid technical requirements” said Thomas Boué, Director General, Policy – EMEA.

BSA calls on the European Parliament to take a more flexible approach during the upcoming trilogue negotiations with the European Commission and the Council of the EU with a particular focus on the following: 1) Re-consider the rigid assurance levels that do not reflect the manner in which certification is handled in the marketplace today. Assurance levels should be defined on a scheme by scheme basis; 2) Avoid the inclusion of specific technical requirements that must be achieved by each scheme; consider referencing high level security principles in line with existing EU legislation. Specific requirements should not be laid down in static legislation as they are not flexible for all types of products and services.