The European Commission announced on 20 January that it will overhaul the Cybersecurity Act to strengthen resilience across the Union’s digital ecosystem. The new framework, designed before the 2026 parliamentary elections, seeks to tighten certification rules for digital products and services, curb supply‑chain vulnerabilities from third‑country vendors, and boost collective response mechanisms against state‑backed attacks.
Key provisions
The revised act will expand mandatory security requirements to include not only software but also hardware components used in critical sectors such as energy, transport, and health. It introduces a higher risk threshold for products sourced from outside the EU, requiring additional due‑diligence checks before certification.
Impact on elections
Political analysts note that these measures come at a time when cyber‑attacks targeting electoral systems have increased globally. Brussels aims to ensure that voting platforms and voter data repositories are shielded from foreign interference, especially from nation‑states with advanced cyber capabilities.
"The EU’s commitment to secure democratic processes is reflected in this legislation," said European Commissioner for Digital Affairs. "We must protect elections from emerging threats."
Industry reaction
Tech firms have expressed mixed feelings. While some welcome the clarity and stronger safeguards, others warn that heightened certification costs could slow innovation, particularly among small‑and‑medium enterprises.