In December 2018, after more than one year of talks, a first European-wide political agreement was reached, known as the “Cybersecurity Act”. This new legislation reinforces the mandate of the European Union Agency for Network and Information Security (ENISA) to support member states in their fight against cyberattacks and threats. Among other advantages this Act brings in an EU-wide cybersecurity certification framework for products, processes and services. This groundbreaking development represents a new legislative context for the ongoing challenge of improving the cybersecurity of connected products, IoT devices and critical infrastructure, doing so by means of the abovementioned certifications and incorporating cybersecurity measures from the very first development and design stages (security-by-design).

Last April the Spanish Association of Electronics, Digital Contents and ICT Companies (Asociación de Empresas de Electrónica, Tecnologías de la Información, Telecomunicaciones y Contenidos Digitales; AMETIC) organized a specific Cybersecurity Act awareness-raising day, investigating in depth the underlying principles of this new legislation and discussing its likely impact on Spain’s firms. Mariano J. Benito, GMV’s CISO, took part in the panel discussing how the new Cybersecurity Act affects digital sector companies and the next steps that should be taken to tackle this new scenario.

Among the Act’s benefits for companies and the public at large, it lays down a European cybersecurity certification scheme, increasing the perceived trustworthiness of Europe’s various technological products. Certification and accreditation applications processed in any member country will now be valid in all the rest, as well as the result of this process, making the whole procedure more efficient. This will also slash costs for companies, especially SMEs, which would otherwise have to make several certification applications in different countries. This one-stop shop for cybersecurity certification will also remove any potential market-entry barriers. Moreover, companies will be encouraged to invest in the cybersecurity of their products and turn this into a competitive advantage.

GMV has participated in the Cybersecurity Act awareness-raising day together with representatives of the National Accreditation Agency (Entidad Nacional de Acreditación:  ENAC) and the National Cryptology Center (Centro Criptológico Nacional: CCN), among other experts.