Eu Cybersecurity Act

EU Cybersecurity Act: Implications for electronics manufacturing industry

Sept. 3, 2019

By Marek Kysela and Emir Demircan

The Cybersecurity Act (Regulation (EU) 2019/881), Europe’s first consolidated cybersecurity certification framework, took effect on 28 June 2019 to establish information and communication technology (ICT) product security certification standards for the European Union (EU).

The Act establishes EU Cybersecurity Certification Schemes intended to enhance the cyber resilience of ICT products, defined as an element or a group of network and information systems. The European Network and Information Security Agency (ENISA), for its part, will coordinate the preparation and submission of cybersecurity certification schemes for adoption by the European Commission.

Under the Act, cybersecurity certification will be voluntary unless specified otherwise by law. Companies can submit a self-certification statement of conformity for recognition of their products in all EU Member States. Cybersecurity certifications of products offered in one Member State will be valid across the EU. Products can be certified under one of three assurance levels – basic, substantial, or high – that corresponds to their ability to withstand cybersecurity attacks. Approved cybersecurity certification authorities will assess products and assign the level of security assurance.

ENISA is tasked as the responsible body to develop a categorized list of products to allow businesses, national government agencies and national standardization bodies to prepare for the future European cybersecurity certification schemes. The first list, scheduled for publication on 28 June, 2020, will be updated at least once every three years. In some areas, it could be necessary in the future to impose specific cybersecurity requirements and mandate certification of certain products.

The Cybersecurity Act in EU’s digital ecosystem

A substantial component of the EU’s overall digital policy, the Act aims to increase product safety in the single market. The Act will become part of a legislative framework that now includes the Directive on Security of Network and Information systems and the General Data Protection Regulation. In addition, the Act will take into account current international cybersecurity standards (e.g. ISO 27001, PCI-DSS, CSA Cloud Control Matrix or NIST 800-53) to help develop a globally harmonized framework underpinning interoperability.

SEMI’s role in advancing cybersecurity

SEMI welcomes the adoption of the resolution and commends the European Union’s commitment to address product cybersecurity as vital to a secure industry and society. With the Cybersecurity Act in force, Europe sets an important example by forming the building blocks for stronger cybersecurity and cyber-resilience in the global supply chain. Upholding Single Market principles, the Cybersecurity Act is a key milestone in SEMI’s work to bolster the manufacturing industry’s participation in cybersecurity policy. SEMI will maintain discourse with key public and private stakeholders, closely monitoring related policy developments as they unfold.

SEMI is involved in advancing the state of cybersecurity on a number of fronts including:

  • At SEMICON Europa, 15-19 November 2019, SEMI will continue to connect the electronics design and manufacturing supply chain to pave the way for future cybersecurity applications.
  • MADEin4 is a new ECSEL project that brings together nearly 50 organizations, including SEMI, to develop secure cyber-physical systems through a novel approach of combining metrology data analysis with machine learning methodologies and digital twinning. 
  • SEMI Smart Manufacturing initiative is designed to promote collaboration to solve problems in business-critical areas such as cybersecurity across the electronics manufacturing and design supply chain.
  • SEMI Cybersecurity Standards efforts include work of the Fab and Equipment Information Security Task Force to develop a suite of equipment and fab information security management standards to protect equipment and other fab resources against cyberattacks from both inside and outside the fab.
  • SEMI’s new EU-funded initiative MicroElectronics Training, Industry and Skills (METIS) will educate the future electronics workforce about cybersecurity.
  • SEMI Global Advocacy meets with policymakers worldwide to promote industry-government cooperation in developing cybersecurity policies.

Emir Demircan is Director of Public Policy and Marek Kysela is EU Policy and Project Coordinator at SEMI Europe.

Sponsored Recommendations

TTI Transportation Resource Center

April 8, 2024
From sensors to vehicle electrification, from design to production, on-board and off-board a TTI Transportation Specialist will help you keep moving into the future. TTI has been...

Cornell Dubilier: Push EV Charging to Higher Productivity and Lower Recharge Times

April 8, 2024
Optimized for high efficiency power inverter/converter level 3 EV charging systems, CDE capacitors offer high capacitance values, low inductance (< 5 nH), high ripple current ...

TTI Hybrid & Electric Vehicles Line Card

April 8, 2024
Components for Infrastructure, Connectivity and On-board Systems TTI stocks the premier electrical components that hybrid and electric vehicle manufacturers and suppliers need...

Bourns: Automotive-Grade Components for the Rough Road Ahead

April 8, 2024
The electronics needed for transportation today is getting increasingly more demanding and sophisticated, requiring not only high quality components but those that interface well...


To join the conversation, and become an exclusive member of Electronic Design, create an account today!