News & Events

News

EU Cybersecurity Act Proposal

January 29, 2026

On 20 January 2026, the European Commission published the EU Cybersecurity Act Proposal, which includes changes to the Cybersecurity Act and targeted amendments to the NIS2 Directive.

The original framework of the Cybersecurity Act, adopted in 2019, established the basis for the European Cybersecurity Certification System and strengthened the mandate of the European Union Agency for Cybersecurity (ENISA) as the Union’s technical reference authority.

As cyberattacks have grown more frequent and more advanced, critical sectors such as energy, telecommunications and finance are facing higher risks. Because of this, the updated Act aims to create a stronger, more coordinated cybersecurity system across all EU Member States.

Key Changes Proposed

  • A Better Cybersecurity Certification System
  • A Stronger Role for ENISA with extra responsibilities
  • Focus on Supply Chain Security
  • Better Alignment With Other EU Laws such as the NIS2 Directive and the Cyber Resilience Act

The proposal will now be discussed by the European Parliament and the Council of the EU. Once agreed, Member States will support implementation at national level.

The NCCA will continue to monitor developments and provide guidance to organisations, as new rules come into effect.

The Proposal is available for download here.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.