EUFORYa
Track EU Parliament activity with clear, human-friendly updates.
Track EU Parliament activity with clear, human-friendly updates.
New Cybersecurity Act: Strengthening Digital Safety, Certification, and Supply Chains
Published January 20, 2026
Goal: Unified EU cybersecurity
The European Cybersecurity Act 2 is a regulation that revamps ENISA, creates a certification and skills framework, and sets supply‑chain security rules to strengthen EU cybersecurity.
The European Cybersecurity Act 2 (COM 2026 11 final) is a single, comprehensive regulation that:
- Re‑establishes ENISA as the EU’s central agency for cybersecurity, giving it a new legal status, budget, governance and operational powers.
- Creates a European Cybersecurity Certification Framework that allows the Commission to develop, adopt, maintain and review voluntary certification schemes for ICT products, services, processes, managed security services and the cyber‑posture of entities.
- Introduces a European Cybersecurity Skills Framework and individual attestation schemes to standardise and promote cybersecurity skills across the Union.
- Sets out a trusted ICT‑supply‑chain security framework that identifies key ICT assets, high‑risk suppliers and third‑country risks, and prescribes mitigation measures and prohibitions.
- Repeals the previous Cybersecurity Act (Regulation (EU) 2019/881) and replaces it with a single, harmonised legal instrument that covers all of the above.
In short, the Act’s main purpose is to give the EU a unified, modern legal basis for strengthening cybersecurity across the Union – through a re‑structured ENISA, a harmonised certification and skills‑attestation system, and a robust supply‑chain security regime.
Licensing: The summaries on this page are available under Creative Commons Attribution 4.0 (CC BY 4.0).
The source
