European Commission Proposes Robust Cybersecurity Package to Strengthen EU Resilience
28, January, 2026
PRESS RELEASE, Strasbourg | The European Commission has unveiled a comprehensive cybersecurity package designed to boost the European Union’s resilience and capabilities in the face of growing cyber and hybrid threats targeting critical infrastructure, services and democratic institutions. The announcement, made on 20 January 2026, responds to increasingly sophisticated attacks that risk disrupting essential systems across the bloc.
"Cybersecurity threats are not just technical challenges. They are strategic risks to our democracy, economy, and way of life. With the new Cybersecurity Package, we will have the means in place to better protect our critical ICT supply chains but also to combat cyber attacks decisively. This is an important step in securing our European technological sovereignty and ensuring a greater safety for all."
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy
At the heart of the initiative is a proposal to revise the EU Cybersecurity Act, which sets the framework for EU-wide cybersecurity certification of digital products, services and processes. The revision aims to enhance the security of the EU’s Information and Communication Technology (ICT) supply chains by reducing risks arising from high-risk third-country suppliers and ensuring that products reaching EU citizens are cyber-secure by design. The updated framework would streamline certification procedures and improve their accessibility for businesses, while facilitating compliance with existing cybersecurity rules.
In addition, the package includes measures to simplify compliance with EU cybersecurity legislation, ease jurisdictional complexities, and improve the reporting and management of cybersecurity incidents such as ransomware attacks. A refreshed European Cybersecurity Certification Framework (ECCF) is expected to allow stakeholders to develop voluntary certification schemes more efficiently and with greater transparency.
The proposal also aims to reinforce the role of the EU Agency for Cybersecurity (ENISA), enabling the agency to support Member States more effectively in understanding and responding to common threats, coordinating incident response, and providing early warning services.
If adopted by the European Parliament and the Council, the measures would apply across all EU member states, underlining the Commission’s commitment to a more secure digital ecosystem capable of protecting both citizens and enterprises from emerging cyber threats.