European Commission Announces New Cybersecurity Package

Source Domain: www.hunton.com

On January 20, 2026, the European Commission proposed a comprehensive new cybersecurity package aimed at strengthening the EU’s cybersecurity resilience and enhancing its capacity to manage evolving threats. The cybersecurity package proposes revisions to the EU Cybersecurity Act, the EU Directive on measures for a high common level of cybersecurity across the European Union (the “NIS2 Directive”), and the European Cybersecurity Certification Framework (the “ECCF”).

The proposed revisions to the Cybersecurity Act will introduce four key elements:

ICT Supply Chain Security Framework: A comprehensive framework shall be established to address information and communication technologies (“ICT”) supply chain security challenges in critical infrastructure.
Enhanced Cybersecurity Certification: The European cybersecurity certification framework will be streamlined and improved to increase efficiency and better respond to market needs.
Administrative Simplification: New measures will be introduced to reduce administrative requirements deemed unnecessary burdens associated with implementing the NIS2 Directive.
Reinforcement of ENISA’s Role: The European Union Agency for Cybersecurity (“ENISA”) will be strengthened. EU Member States will be required to support this enhancement by appointing two liaison officers each.

Amendments to the NIS2 Directive proposed by the European Commission include:

Clarified Scope and Definitions: Amendments will clarify the scope for certain sectors and entities, including healthcare, electricity, hydrogen and chemical providers, and will set clear rules for electricity producers with more than 1 MW of generation capacity.
New Entity Categories: Small mid-cap enterprises will be designated as important entities, lowering compliance and supervisory burdens. Micro and small-sized Domain Name System service providers will be excluded from the scope.
Streamlined Risk Management: Maximum harmonisation for…

Source