Over the past few months, ISC2 has been actively engaging in EU policymaking discussions. We give you the run down on how ISC2 is ensuring the cybersecurity profession remains at the heart of EU policymaking.

In recent years, the European Union (EU) introduced several landmark pieces of legislation that significantly impact the cybersecurity industry. Key regulations such as the Cyber Resilience Act (CRA), the revised Network and Information Security Directive (NIS2), and the AI Act are reshaping the policy environment in the EU. As these laws come into effect, they bring about new challenges and opportunities for cybersecurity professionals across Europe.

Today, cybersecurity is front and center in the EU's digital policy agenda. By contributing to policymaking processes, ISC2 has not only helped to shape the conversation but also guided professionals through the complex regulatory changes. This engagement will ensure that cybersecurity professionals remain equipped to navigate and implement the EU’s evolving regulations and legislations.

ISC2 Focuses on the EU

Over the last few months, ISC2 cemented its role as a trusted partner in cybersecurity initiatives by engaging in key EU policymaking conversations and events.

In September, ISC2 participated in the European Cybersecurity Skills Conference co-hosted by the Hungarian Presidency and ENISA. During this high-profile event, ISC2 was part of a panel where we emphasized the importance of closing the workforce gap and identifying the skills needed in the EU. We particularly emphasized the need for a joined-up approach to skills development, stressing that skills frameworks need to be harmonized within the EU and beyond.

ISC2 also convened a roundtable with EU policymakers. Held on the eve of a new mandate for the European Commission, this event focused on future plans and priorities. Panelists including Luca Tagliaretti from the European Cybersecurity Competence Centre (ECCC), Svetlana Schuster from the European Commission, and Florian Pennings from ENISA, highlighted upcoming initiatives such as ECSF 2.0 and the potential development of a European certification system for cybersecurity. The dialogue underscored the Commission’s commitment to building cybersecurity skills and increasing international cooperation through mechanisms like the Cyber Solidarity Act.

In mid-October, the ECSO Days 2024 conference brought together cybersecurity experts, innovators, and newly elected decision-makers. ISC2 took part in a conversation on how to leverage Road2Cyber to attract, recruit and retain talent. We highlighted the benefit of connecting Road2Cyber with the CyberSkills Academy and the need for training to be aligned.

In September, the EU AI Office announced that ISC2 had been selected to contribute to developing a Code of Practice for the EU AI Act. The Code will set the rules for general purpose AI systems and is designed to bridge the gap between the adoption of the AI Act and the establishment of European-wide standards (which may not be developed for a couple of years). It’s important that the rules draw on the experience and expertise of the cybersecurity industry.

ISC2’s activities are built on the strong foundations we’ve laid in the EU over the last two years. In that time, we have created robust relationships with policymakers and played an active role in shaping legislation, notably offering critical input to the European Cybersecurity Skills Framework (ECSF) and helping to shape NIS2 through written feedback and direct engagement. We helped build the EU’s cybersecurity workforce by providing free training to more than 27,000 cybersecurity professionals across EU member states, exceeding our initial goal by 139%.

How to Get Involved

In the coming months, ISC2 will continue its active participation in key EU events and discussions. We want to hear from members based in Europe who are involved in the implementation of cybersecurity legislation and regulation. Reach out if you would be interested in contributing to our advocacy initiatives.