BSA’s response to the EU’s 2025 Cybersecurity Act review supports streamlining legislation while strengthening EU-wide frameworks. It calls for a risk-based, technical, and globally compatible certification system, warns against sovereignty-driven rules like data localization, and urges greater ENISA involvement, transparency, and harmonized compliance. BSA also stresses that certification should stay technical, not political.
BSA requests to amend the SEC's Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by removing the requirement to disclose a material cyber incident within four business days.