AMETIC, the employer of the digital industry in Spain, has organized an informative day on the new European regulation "Cybersecurity Act", which from June will regulate the implementation of a common European framework for the certification of ICT products and services " cybersecurity ", which promote cybersecurity of online services and consumer devices.
This European regulation not only seeks to increase the confidence of users in relation to the use of connected devices, but also to strengthen the European cybersecurity industry and the European Single Market, positioning it as a reference worldwide, in line with other markets such as the United States or China. The European Union Agency for Network and Information Security (ENISA), which through this regulation will be named as the new European Agency for Cybersecurity, will coordinate and harmonize policies at European level, and will support Member States in the implementation of national plans and strategies in the fight against threats and cybersecurity attacks.
Antonio Cimorra, Director of Information Technologies and Digital Agenda of AMETIC, has highlighted during the opening of the day the advances that the digital transformation has introduced in society, as well as the importance of ensuring cybersecurity. He also commented on the measures that, from AMETIC, and particularly from the Cybersecurity Commission where important suppliers of this technology meet, are being developed in this field. Cimorra also highlighted the association's support for the new European initiative.
Later, Ignacio Pina, Technical Director of the National Accreditation Entity (ENAC), explained that, "although the regulation will not be mandatory at the beginning, as far as certification is concerned, the market itself is likely to regulate the need or not of it". Pina added that "certification in itself does not generate security, but rather seeks to build trust among consumers". In this regard, he commented that "the transition between current national certification schemes in force and the new common European framework will be gradual". On the other hand, he stressed that "the role of the industry in defining the certification schemes that derive from this regulation, is essential for them to be aligned with market needs."
Implications of "Cybersecurity Act"
Next, the round table has taken place How does the Cybersecurity Act impact on companies in the digital sector? moderated by David González, president of the Cybersecurity Commission of AMETIC and Head of Sales Europe and North Africa of G & D. The participants, Mariano J. Benito, CISO de GMV; Jesús Mª Alonso, Head of Consulting Spain of ATOS; Ainhoa Inza, CEO of TCAB, and Miguel Bañón, CEO of EPOCHE & ESPRI, where they discussed the implications of the regulation for the activity of companies in the digital sector, and the following steps to address this new scenario.
In general, the participants commented that it is a very positive initiative since, despite being a voluntary regulation for the time being, it is expected that its impact on the market will increase the number of certified secure ICT products in an important way. They also highlighted that, for Spain, it is an opportunity for consolidation at the European level in terms of cybersecurity, taking advantage of the fact that the Spanish certification ecosystem is among the best valued in Europe.
On the other hand, it has been highlighted that, since there is no sanctioning framework within the regulation, it is important for companies to detect the benefit of certification, such as the impact on the consumer in terms of trust. They have also commented that the objective of this initiative is that consumers "get used" to verify that those ICT products or services that they buy or consume, carry the seal of safety certification.
Finally, the presence of the expert representative of the National Cryptological Center (CCN), an entity that currently coordinates the work of certification in cybersecurity at the national level. CCN has coincided in the great opportunity that "Cybersecurity Act" supposes for the European and Spanish cybersecurity industry when it comes to positioning Europe in line with other markets.