EU set to broaden scope of cybersecurity certificates in legislative revamp

By Luca Bertuzzi ( January 16, 2026, 11:33 GMT | Insight) -- The European Commission plans to expand EU cybersecurity certification schemes to cover companies’ overall risk-management posture, under a revised Cybersecurity Act due on Jan. 20. Draft rules would use certificates as a presumption of legal compliance and streamline their development, while a separate chapter is set to address non-technical supply chain risks, including high-risk vendors.The European Commission intends to expand the scope of cybersecurity certification schemes to also cover the risk-management posture of certified entities in its revision of the EU Cybersecurity Act, according to a draft obtained by MLex....

Prepare for tomorrow’s regulatory change, today

MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.

Know what others in the room don’t, with features including:

Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
Curated case files bringing together news, analysis and source documents in a single timeline

Experience MLex today with a 14-day free trial.

Start Free Trial

Already a subscriber? Click here to login

EU set to broaden scope of cybersecurity certificates in legislative revamp

Prepare for tomorrow’s regulatory change, today

Related Sections