CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

EU Proposes Cybersecurity Legislation to Restrict High-Risk Suppliers

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

The European Commission has proposed new cybersecurity legislation to mandate the removal of high-risk suppliers from telecommunications networks and strengthen defenses against state-backed and cybercrime threats. The legislation aims to secure critical infrastructure and ICT supply chains, with a focus on suppliers from countries posing national security risks. The proposal includes the authority to conduct EU-wide risk assessments and impose restrictions or bans on certain equipment. The revised Cybersecurity Act will streamline certification procedures and enhance ENISA's role in threat alerts, incident response, and vetting critical tech suppliers. The legislation will take effect immediately upon approval, with member states having one year to implement national laws.

Timeline

  1. 20.01.2026 20:54 2 articles · 1d ago

    EU Proposes New Cybersecurity Legislation to Restrict High-Risk Suppliers

    The European Commission has proposed new cybersecurity legislation to mandate the removal of high-risk suppliers from telecommunications networks and strengthen defenses against state-backed and cybercrime threats. The legislation includes the authority to conduct EU-wide risk assessments and impose restrictions on equipment in critical infrastructure. The revised Cybersecurity Act will streamline certification procedures, enhance ENISA's role in threat alerts, incident response, and vetting critical tech suppliers. The legislation will take effect immediately upon approval, with member states having one year to implement national laws.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Global Agencies Release OT Network Security Guidance

The US Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC), the Federal Bureau of Investigation (FBI), and international partners have released a new set of security principles aimed at securing operational technology (OT) environments. The guidance addresses the growing risks associated with insecure connectivity in systems that support essential services, providing a framework to help organizations design and manage secure connectivity in OT networks. The document emphasizes the importance of embedding security into network design from the outset to reduce exposure to both highly capable and opportunistic adversaries, including nation-state actors. It highlights the increased interconnection between industrial systems and enterprise networks, which has improved efficiency but expanded the attack surface for cyber threat actors.

Open in new tab

CISA outlines strategic vision for the CVE Program's Quality Era

The Cybersecurity and Infrastructure Security Agency (CISA) has released a strategic roadmap for the Common Vulnerabilities and Exposures (CVE) Program, marking the transition from its Growth Era to the Quality Era. The new focus aims to enhance trust, responsiveness, and the quality of vulnerability data. The CVE Program, a global standard for vulnerability identification, will prioritize conflict-free and vendor-neutral stewardship, broad multi-sector engagement, transparent processes, and accountable leadership. CISA will continue to maintain CVE data as a free and openly accessible public good. The strategic vision includes expanding community partnerships, evaluating diversified funding mechanisms, accelerating technological improvements, enhancing transparency and communications, and improving data quality through collaboration with industry and international governments.

Open in new tab

CISA and Partners Release OT Asset Inventory Guidance

The Cybersecurity and Infrastructure Security Agency (CISA) and several international partners released new guidance to assist operational technology (OT) owners and operators in creating and maintaining comprehensive OT asset inventories and taxonomies. This guidance aims to enhance the security of critical infrastructure sectors by providing deeper visibility into OT assets, reducing risk, and ensuring operational resilience. The guidance was developed in collaboration with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), and cybersecurity agencies from Australia, Canada, Germany, the Netherlands, and New Zealand. OT systems are crucial for the safe and reliable operation of critical infrastructure, including water systems, energy grids, manufacturing, and transportation networks.

Open in new tab

DHS and Private Sector Establish ICT Supply Chain Risk Management Task Force

The U.S. Department of Homeland Security (DHS) has formed the ICT Supply Chain Risk Management Task Force, a public-private partnership to identify and manage risks to the global ICT supply chain. The task force aims to develop consensus recommendations to address threats from foreign adversaries, hackers, and criminals targeting the ICT supply chain. The initiative is part of DHS's collective defense approach to cybersecurity risk management, involving industry and government stakeholders. The inaugural meeting of the Task Force was held on November 15, 2018, with members from leading telecom companies and government agencies. The Task Force has launched work streams to develop a common framework for bi-directional sharing of supply chain risk information, identify processes for threat-based evaluation of ICT supplies, and produce policy recommendations to incentivize the purchase of ICT from original manufacturers or authorized resellers. The Task Force recently approved a recommendation for a proposed federal acquisition rule to prevent counterfeit ICT procurement and discussed mechanisms for providing input into the Federal Acquisition Security Council. The Task Force is also expanding its scope to involve supply chain experts from outside the IT and Communications industry and aims to release a public summary of its recommendations by the end of summer.

Open in new tab