By Júlia Tar and Luca Bertuzzi ( November 13, 2025, 12:30 GMT | Insight) -- Proposals to include non-technical risk factors in cybersecurity certification — such as third-country influence — go beyond what EU law allows, Germany says in a document dated Nov. 4 and seen by MLex. Such considerations relate to public and national security and should remain the sole responsibility of member states, according to a “non-paper” calling for the Cybersecurity Act to make this limitation clear.A "non-paper" by Germany, dated Nov. 4 and seen by MLex, outlines the country's priorities for upcoming EU cybersecurity reforms. It highlights the debate over the European Cybersecurity Certification Scheme for Cloud Services, or EUCS, as a key issue, stressing the need for legal clarity on the limits of such certification schemes....
Prepare for tomorrow’s regulatory change, today
MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.
Know what others in the room don’t, with features including:
- Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
- Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
- Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
- Curated case files bringing together news, analysis and source documents in a single timeline
Experience MLex today with a 14-day free trial.