Written by: Haim Ravia, Dotan Hammer
The European Commission has introduced three interconnected legislative proposals aimed at modernizing the EU’s digital infrastructure and cybersecurity frameworks while reducing regulatory burdens on businesses.
Digital Networks Act
The European Commission’s proposed Digital Networks Act consolidates multiple EU telecommunications laws—including the European Electronic Communications Code, the BEREC Regulation, the Radio Spectrum Policy Programme, and parts of the ePrivacy Directive – into a single regulation.
The proposal aims to eliminate market fragmentation that has hindered European telecom operators from scaling across borders and competing globally. Key measures include harmonizing authorization conditions across Member States, creating unified spectrum management through a new Radio Spectrum Policy Board, and establishing the Office for Digital Networks as a consolidated EU agency.
The regulation modernizes rules for IP-based networks, strengthens provisions for satellite connectivity to support EU strategic autonomy, and enhances network resilience requirements. It updates privacy provisions on caller identification for modern VoIP systems and removes obsolete directory service obligations.
Cybersecurity Act 2
This regulation would replace the 2019 Cybersecurity Act, significantly expanding the mandate and resources of ENISA – the European Union Agency for Cybersecurity, the EU’s dedicated agency for achieving a high common level of cybersecurity across Europe. ENISA provides expertise, develops guidelines, and supports Member States and EU institutions in preventing and responding to cyber threats.
Key reforms include overhauling the European Cybersecurity Certification Framework to accelerate scheme development and enable “cyber posture” certification. The proposal also introduces a harmonized EU framework to address ICT supply chain security risks from “high-risk suppliers” in third countries.
The new certification framework explicitly aims to facilitate compliance with the General Data Protection Regulation (GDPR) through cyber posture certifications, creating synergies between cybersecurity and data protection requirements. Organizations could potentially demonstrate GDPR security compliance through these certifications.
NIS 2 Directive Amendments
This proposed directive introduces targeted amendments to the NIS 2 Directive – the EU’s primary legislation establishing cybersecurity obligations for operators of essential services and important entities across critical sectors, including energy, transport, health, and digital infrastructure. The original NIS (Network and Information Security) Directive was the EU’s first comprehensive cybersecurity law, with NIS 2 being its 2022 successor that significantly expanded the scope and requirements.
Key changes now proposed include clarifying scope for healthcare, electricity, hydrogen, and chemical sectors; introducing a “small mid-cap” enterprise category with reduced compliance burdens; requiring Member States to adopt post-quantum cryptography migration policies; and strengthening ENISA’s role in supervising cross-border entities through risk assessments and joint examination teams.
The proposal introduces harmonized ransomware incident reporting requirements, including potentially sensitive information about whether ransoms were paid, amounts, and recipients. Recognizing privacy concerns, the proposal specifies that such sensitive details should only be submitted to Computer Security Incident Response Teams (CSIRTs) or competent authorities upon request, not automatically. Member States are directed to address liability risks arising from such disclosures. The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) were consulted on this proposal, as noted in the recitals.
Click here to read the EU Commission’s proposal for the Digital Networks Act.
Click here to read the EU Commission’s proposal for the Cybersecurity Act 2.
Click here to read the EU Commission’s proposal for NIS 2 Directive Amendments.
