Standardizing managed security services
A targeted amendment to the 2019 Cybersecurity Act complements the primary legislation by recognizing the growing importance of managed security services. This provision will enable the development of European certification schemes for specialized cybersecurity interventions, including incident handling, penetration testing, security audits, and technical consulting, the statement added.
The move addresses a critical gap in the current cybersecurity landscape. By creating standardized certification processes, the EU aims to foster trust, increase service quality, and prevent market fragmentation. Some member states had already begun developing national certification schemes, and this legislation provides a unified, comprehensive framework.
“This targeted amendment will enable the establishment of European certification schemes for these managed security services,” the Council’s statement read. “It will help to increase their quality and comparability, foster the emergence of trusted cybersecurity service providers, and avoid fragmentation of the internal market given that some member states have already started the adoption of national certification schemes for managed security services.”