Cross-industry and standards development organisations open letter on the EU Cybersecurity certification framework proposal
BRUSSELS, 25 June 2018 – Our associations represent more than 56 000 companies in Europe in key areas for jobs and economic development in Europe.
Ahead of the expected vote on 10 July in the European Parliament’s Industry, Research and Energy (ITRE) committee, we urge European decision-makers to ensure that the EU cybersecurity certification framework will not be detrimental to the competitiveness of the EU industry and will rather support a flexible and future-proof framework. The Cybersecurity Act aims to harmonise the Single Market and contribute to the establishment of the Digital Single Market, increase cybersecurity in Europe and turn the EU cybersecurity certification schemes into a competitive advantage for the industry and a globally-recognised instrument.
Our associations have, however, a number of recommendations as regards ongoing political discussions, and therefore call on the European Parliament to consider with specific attention the five following points:
1. The voluntary approach to certification is key for it to remain a competitive advantage for the industry and avoid unintended consequences both on smaller market actors and on already heavily regulated sectors. We therefore recommend keeping the voluntary nature of the certification framework, possibly to be reviewed at a later stage, according to the evolution of the cybersecurity landscape. To avoid potential Single Market fragmentation, it is key to avoid a situation, where national legislation can mandate a scheme.
2. Conformity assessment methods and requirements should be defined in the schemes and not in the regulation itself so as to allow for a fit-for-purpose approach according to risks and use cases. Allowing for self-declaration of conformity is fundamental to streamline the certification process and make it accessible to all market actors.
3. A clear framework for the participation of the industry should be defined, to make sure ENISA collaborates openly with the industry when preparing, elaborating and adopting candidate schemes. We support the proposal of the European Parliament to set specific ad-hoc consultation platforms but to occur on a systematic basis with formal rules to ensure a level playing field for stakeholders’ representation. A positive step to this direction can also be the proposal for the establishment of a “Stakeholder Certification Group”.
4. The adoption of the schemes should include a process to ensure that they are aligned or could take part in existing international mutual recognition agreements to ensure that the EU certificates are globally recognised.
5. Reference to global standards should prevail. This includes European Standards, International Standards, and Technical Specifications, that have been developed in accordance with defined principles in EU standardisation legislation (i.e. Annex II of Regulation EU 1025/2012), developed in an inclusive and transparent way. Allowing for any deviation from this principle creates uncertainty for market players and would need to be clarified.
AFME (Association for Financial Markets in Europe) advocates for deep and integrated European capital markets which serve the needs of companies and investors, supporting economic growth and benefiting society. AFME is the voice of all Europe’s wholesale financial markets, providing expertise across a broad range of regulatory and capital markets issues. AFME aims to act as a bridge between market participants and policy makers across Europe, drawing on its strong and long-standing relationships, its technical knowledge and fact-based work. Its members comprise pan-EU and global banks as well as key regional banks, brokers, law firms, investors and other financial market participants. AFME participates in a global alliance with the Securities Industry and Financial Markets Association (SIFMA) in the US, and the Asia Securities Industry and Financial Markets Association (ASIFMA) through the GFMA (Global Financial Markets Association). For more information please visit the AFME website: www.afme.eu. Follow us on Twitter @AFME_EU
Agoria brings together and defends the interests of companies in the technology industry. The federation is committed to the future of these companies and the nearly 275,000 people they employ. With 1,900 member companies, Agoria is the largest sectoral employers’ federation in Belgium.
APPLiA is a Brussels-based trade association that provides a single, consensual voice for the home appliance industry in Europe. It promotes the industry’s general mission to increase product innovation while reducing the environmental impact of appliances. APPLiA members produce the following type of appliances: •Large appliances such as refrigerators, freezers, ovens, dishwashers, washing machines and dryers;
• Small appliances such as vacuum cleaners, irons, toasters and toothbrushes; • Heating, ventilation and air conditioning appliances such as air conditioners, heat pumps and local space heaters.
The home appliance industry is an important European economic player. – Generating wealth: the total annual turnover of the industry in Europe is €47.6bn (2016) – Providing good employment: – Total employment as a result of the presence of the sector: approximately 889.192 jobs, – Direct employment: 202.089 jobs – investment in the future: €1.4bn contribution to research and development activities in Europe.
About Danish Chamber of Commerce
The Danish Chamber of Commerce is the network for the service industry in Denmark. It is one of the largest professional business organisations in Denmark with
more than 200 employees, offices in Copenhagen, Aarhus and in Brussels. The Chamber represents 17,000 Danish companies and 100 trade associations within
trade, tourism, business services, IT, welfare services and transportation.
DIGITALEUROPE represents the digital technology industry in Europe. Our members include some of the world’s largest IT, telecoms and consumer electronics companies and national associations from every part of Europe. DIGITALEUROPE wants European businesses and citizens to benefit fully from digital technologies and for Europe to grow, attract and sustain the world’s best digital technology companies. DIGITALEUROPE ensures industry participation in the development and implementation of EU policies.
DIGITALEUROPE’s members include in total over 35,000 ICT Companies in Europe represented by over 63 Corporate Members and 39 National Trade Associations from across Europe. Our website provides further information on our recent news and activities: http://www.digitaleurope.org
The European Banking Federation is the voice of the European banking sector, uniting 32 national banking associations in Europe that together represent some 3,500 banks – large and small, wholesale and retail, local and international – employing about 2.1 million people. EBF members represent banks that make available loans to the European economy in excess of €20 trillion and that securely handle more than 300 million payment transactions per day. Launched in 1960, the EBF is committed to creating a single market for financial services in the European Union and to supporting policies that foster economic growth. www.ebf.eu @EBFeu
About OpenForum Europe
OpenForum Europe (OFE) is a not-for-profit, independent European based think tank which focuses on openness within the IT sector. We draw our support not only from some of the most influential global industry players, but most importantly from across European SMEs and consumer organisations and the open community. OFE also hosts a global network of OpenForum Academy Fellows, each contributing significant innovative thought leadership on core topics. Views expressed by OFE do not necessarily reflect those held by all its supporters.
About Syntec Numerique
Syntec Numérique is the first professional organization within the French digital ecosystem with more than 2000 members ranging from large corporations to start-ups. Its members span software industry, engineering, technology consulting or operations, and their business cover the full spectrum of digital sector from data economy to cybersecurity, IoT, mobility or ehealth.