The European Commission Proposed a New Package to Strengthen Resilience and Capabilities in the Field of Cybersecurity
21.01.2026The European Commission has proposed a new cybersecurity package aimed at further strengthening the EU’s resilience and capabilities in the context of growing threats to Europe, such as hybrid and cyberattacks.
The package includes a proposal for a revised Cybersecurity Act, which enhances the security of the EU’s information and communication technology supply chains. The objective is to ensure that products reaching EU citizens are protected against cyberattacks by design, through a simplified certification process. The Act also facilitates the implementation of existing cybersecurity rules and strengthens the European Union Agency for Cybersecurity (ENISA) in threat management.
The package introduces measures to simplify compliance with European rules and requirements for companies, complementing the single entry point for incident reporting proposed in the digital “omnibus.” The targeted amendments to the NIS 2 Directive aim to improve legal clarity. They will make compliance easier for 28,700 companies, including 6,200 micro and small enterprises.
Next steps
The Cybersecurity Act will be applicable immediately after approval by the European Parliament and the Council of the EU. The accompanying NIS2 Directive amendments will also be presented for approval. Once adopted, Member States will have one year to implement the Directive into national law and communicate the relevant texts to the Commission.
