EU Commission Press Conference on Cybersecurity Act Update скачать в хорошем качестве

EU Commission Press Conference on Cybersecurity Act Update

EU Commission Executive Vice-President Henna Virkkunen delivers a press conference (20 January 2026) on the EU’s Cybersecurity Act and a broader cybersecurity package aimed at strengthening Europe’s cyber resilience and reducing fragmentation across the internal market. In her opening remarks, Virkkunen describes an increasingly challenging security environment in the cyber domain, highlighting the daily impact of cyber incidents on critical infrastructure and the links between cyber operations and wider hybrid activity. She then outlines the Commission’s proposed updates to EU cybersecurity rules, focusing on stronger implementation, clearer responsibilities, and more practical compliance pathways for businesses. WHAT’S COVERED IN THIS PRESS CONFERENCE 1. Strengthening EU-level capabilities Plans to ensure the EU Agency for Cybersecurity (ENISA) is equipped to take on additional tasks and support Member States more effectively. Measures linked to incident reporting, early alerts, and cooperation with national cybersecurity authorities and CSIRTs. 2. De-risking the ICT supply chain and protecting critical sectors A risk-based approach to identifying and mitigating cybersecurity risks in key sectors already covered by NIS2 (including critical services such as energy, water, transport, and healthcare). A push to turn the EU’s 5G cybersecurity toolbox into a more uniform, mandatory approach to avoid market fragmentation and create a level playing field. Discussion of targeted measures for “high-risk suppliers” and how assessments would guide mitigation steps. 3. Simplification and reduced compliance burden References to proposals designed to make compliance easier and improve legal clarity, including targeted amendments to NIS2. Steps intended to reduce unnecessary burden for smaller firms, including changes affecting micro/small companies and a new “small mid-cap” category. 4. A more effective EU cybersecurity certification framework Explanation of the direction for updating EU-level cybersecurity certification so it becomes more dynamic and useful in practice. Clarification in the Q&A on the scope of certification (technical characteristics of products/services) versus broader risk considerations addressed elsewhere in the Cybersecurity Act framework. Q&A HIGHLIGHTS Journalists question the Commission on: How “countries of concern” and “high-risk suppliers” would be identified (and whether lists can be updated). Timelines and implementation, including transition periods discussed in relation to 5G. What consequences may follow from high-risk designations (including potential restrictions related to procurement, funding programmes, certification, and standardisation activities). Whether and how economic impact assessments will be considered alongside cybersecurity risk assessments. A separate question on developments concerning X, including the Commission’s ongoing analysis and consideration of possible next steps under the Digital Services Act (DSA). This video includes both the statement and the Q&A session, providing a clear overview of the Commission’s approach to cybersecurity governance, supply-chain risk management, and the practical application of EU cyber rules. CHAPTERS 00:00 Opening: topic and context 00:12 Cyber threat landscape and critical infrastructure 00:41 Why update EU cybersecurity rules 00:55 Cybersecurity package: main pillars 01:02 Strengthening ENISA 02:03 Incident reporting, alerts, and support to Member States 02:32 Supply chain de-risking and economic security 02:52 5G toolbox: towards a mandatory approach 03:24 Simplification under the “digital omnibus” 03:42 NIS2: scope clarifications and reduced burden 04:18 Ransomware data collection 04:21 Certification: why the framework is changing 05:06 Why cybersecurity is central to daily life 05:40 Q&A begins 05:48 Countries of concern and “X” question 08:17 Countries list, updates, and implementation timing 09:41 5G: excluding high-risk vendors 10:24 Catalogue of high-risk suppliers and transition period 11:38 Consequences of high-risk designation 12:09 Possible restrictions and mitigation measures 14:37 Costs, impact assessment, and certification scope 16:04 Technical vs non-technical risks: clarification 18:19 Case-by-case approach and sector risk assessments 20:05 Closing remarks European Digital Policy Initiative https://edpi.eu/   / eudigitalpolicy     / eudigitalpolicy     / eudigitalpolicy   Uploaded by James Tamim, EU Digital Policy analyst. © European Union, 2026