In a digital environment where cyberattacks are increasing in intensity and complexity, while dependence on interconnected systems is deepening, Europe is redefining the cybersecurity framework , spearheaded by the Cybersecurity Act and new European cooperation tools.
Strengthening cybersecurity and building trust in digital ecosystems are now key factors for the resilience of the European economy. But how is it achieved and what does trust ultimately mean?
Question asked to be answered, in the panel 'At the Edge of Trust: The Cybersecurity Act and Europe's Digital Future,' which took place within the framework of Digital Conference 'Shaping the Next Digital Frontier,' organised by the Deputy Ministry of Research, Innovation and Digital Policy in the context of the Cyprus Presidency of the Council of the European Union. The discussion brought together leading representatives of European institutions, governments and the technology industry.
The panel included Piotr Kobielski, Plenipotentiary Deputy Director, International Cooperation Department, Ministry of Digital Affairs of Poland, Georgios Michaelides, Commissioner of Communications, Republic of Cyprus, Guido Lobran, Director General, Europe & SVP, The Information Technology Industry Council and Florian Pennings, Associate Chief Cybersecurity & Operational Officer, ENISA, EU.
Piotr Kobielski referred to the dual nature of the Cybersecurity Act, both as an internal harmonisation tool and as an international reference point for the EU. He explained that the framework limits the fragmentation of national policies and creates a common operational basis between Member States. At the same time, he noted that the European Union acts as a “regulatory hub of influence”, as third countries adopt elements of the European approach. Referring to the experience of Poland, he cited data on approximately 680 recorded cybersecurity incidents at national level in 2025, underlining the need to strengthen national response mechanisms and better coordination at the European level.
Georgios Michaelides highlighted the value of the common European framework as a tool for predictability for investment and business activity. He cited the evolution of professional roles in cybersecurity as a typical example , noting that until recently there were multiple and inconsistent descriptions for roles such as cyber security analyst or CISO, while the European skills classification through the relevant framework has now created a single professional language. At the same time, it highlighted that the transition from NIS1 to NIS2 significantly increased the scope of application, from approximately 60 critical infrastructures to hundreds of organizations, which enhances security but also adds substantial regulatory complexity.
Guido Lobrano analysed the relationship between regulatory architecture and investment certainty, noting that the proposed Cybersecurity Act can act as either a simplification tool or a source of additional burdens, depending on its implementation. He focused on the importance of harmonization through single European certification standards, which could replace multiple national regimes. At the same time, he emphasised that a critical success parameter is the time that companies dedicate to substantially strengthening security versus the time required to comply with fragmented processes. He also made particular reference to the need for clearer definitions of critical concepts, such as “main establishment” and incident reporting procedures, which currently remain differentiated between countries.
Florian Pennings placed the evolution of European cybersecurity in historical perspective, starting from 2019, when ENISA's permanent mandate was established and the foundations for a more stable European architecture were laid. He pointed out that at that time tools such as Cyber Resilience Act or the current certification structures, while the pandemic has drastically accelerated digitalization and therefore exposure to risks. He also referred to the increase in demand for cybersecurity services and the strengthening of awareness in critical areas. According to the expert, the current phase is characterized by a combination of technological acceleration and geopolitical instability, which makes it necessary to constantly adapt European tools.
The discussion concluded with the shared finding that cybersecurity has evolved into a key pillar of the European digital strategy, with the Cybersecurity Act serving as a benchmark for the balance between regulation, innovation and operational resilience.
The discussion was moderated by Christos Onoufriou, CEO of Odyssey Cybersecurity.
(Source: InBusinessNews)
