Policy decoded: Cybersecurity
13 February 2020
In our ‘Policy Decoded’ series, we break down a policy issue currently in the spotlight. We explain why it matters for the technology industries Orgalim represents. And we look at how we are working with our members across Europe and with EU policymakers to shape an enabling framework for the future.
In focus this time: the quest to build a real European single market for cybersecurity. With digital technology increasingly central to Europe’s economy and society, ensuring a secure cyberspace has become a top policy priority. Yet cybersecurity also has the potential to become a competitive differentiator for EU industry – provided the right framework is in place.
Scroll down to find out why the issue is in the spotlight, why it matters for the technology industries, what Orgalim is doing and how you can find out more.
What’s the issue?
As the digital transformation of Europe’s economy and society continues apace, people, products and systems are connected as never before. This is creating a wealth of opportunities; however, it also opens up the risk that digital infrastructure could be compromised through cyberattacks or data hacks. As a result, cybersecurity is a top priority for governments, industry and citizens more broadly. And with digital threats knowing no borders, EU policymakers have long been active in pursuing a harmonised European approach to this critical issue.
Yet beyond the central imperative of safeguarding digital systems and data, cybersecurity is an increasingly important factor in industrial competitiveness and building public trust in the Digital Single Market. Demand is rapidly rising for cybersecurity solutions that are resilient and flexible enough to meet needs across sectors – making this a competitive differentiator for companies active in this area. For Europe to fully tap into this potential, however, it will need a framework that removes roadblocks to placing cybersecure products on the single market.
Why is it in the spotlight?
Under her headline objective of shaping “a Europe fit for the digital age”, Commission President Ursula von der Leyen has emphasised that the EU must unlock the economic and societal opportunities of digital technology and data “within safe and ethical boundaries”. A European framework to facilitate the development and marketing of cybersecure technologies will be key to making this happen. To this end, Internal Market Commissioner Thierry Breton has been tasked with “building a real single market for cybersecurity” as a top priority for his digital mandate.
An important step in this direction has already been taken with the Cybersecurity Act adopted in 2019, which provides a horizontal approach with the potential to reduce current and potential future fragmentation. However, indications have since emerged that policymakers may now be considering measures that could destabilise the current framework by integrating inconsistent cybersecurity requirements in product legislation such as the Radio Equipment Directive, Low Voltage Directive or Machinery Directive – pursuing a vertical approach that would risk a patchwork of inconsistent requirements, double structures and grey zones.
Why does it matter?
There is no question that robust cybersecurity is essential as our economy and society become more reliant on connected products and systems. And the technology industries understand this better than most: as companies increasingly integrate digital tech and data into their solutions and processes, ensuring the right level of cybersecurity is crucial to gaining the trust of customers and the general public. Indeed, Europe’s technology sectors are at the leading edge of integrating security measures into their products and adopting security-by-design development processes.
As explained above, this means cybersecurity can become a competitive differentiator for Europe – provided the right framework is in place. The New Legislative Framework (NLF) underpinning today’s Single Market has been a success story for decades and remains the essential basis for companies putting products on the EU market. To uphold this success in the digital age, Europe should maintain these tried-and-trusted structures in the single market for cybersecurity too. Policymakers should strive for a harmonised, consistent and coherent approach, avoiding the kind of multi-layered vertical requirements that can lead to fragmentation and legal uncertainty for producers.
By making it as simple as possible for companies to implement security requirements within the single market, a holistic and forward-looking cybersecurity approach will not only raise the overall level of security in European cyberspace – it will provide new opportunities for EU industry to develop and market the kind of connected products and solutions that will give Europe an edge on the global marketplace, too.
What is Orgalim doing?
As the foremost voice of the European technology companies working at the crossroads of digital and physical technology, Orgalim has been engaged in shaping the EU cybersecurity agenda for a number of years. We were active in advocating for flexible and market-relevant cybersecurity compliance and certification schemes during the negotiation of the Cybersecurity Act. And we have been closely involved in discussions on the future direction of policy in this arena, contributing the expertise and insights gained by our industries in over 25 years of operating in the single market.
Our Cybersecurity Task Force brings together experts from our member associations across Europe, representing the full spectrum of technology sectors operating in this arena. They have been monitoring in close detail the latest trends in cybersecurity policy and have put together recommendations for policymakers as the European Commission begins its mandate – presenting seven ‘guiding principles’ that can help build a real European single market for cybersecurity.
Since the publication of this paper, we have been actively engaging with EU policymakers to promote these key messages, coordinating efforts with our member associations working at the national level.
How can I find out more?
The Orgalim position paper ‘Building a real European Single market for Cybersecurity: a Call for a Consistent Approach’ presents our guiding principles for cybersecurity policy to help policymakers ensure a single market that is indeed “fit for the digital age”. The principles are:
- A European approach to cybersecurity
- Consistent and coherent legal requirements
- Common cybersecurity goals to ensure horizontal consistency
- A risk-based approach further to the product’s intended use
- Transparent and internationally recognised standards are key
- Build policies on existing industry security measures
- Competitiveness depends on a level playing field and market surveillance
Click download below to read our views in full – and for further information, please contact Christoph Luykx, Policy Director, at firstname.lastname@example.org