
EDPB and EDPS Advocate for Enhanced EU Cybersecurity Measures

By whois-secure, April 8, 2026

On March 19, 2026, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) jointly issued an opinion supporting the European Commission's proposals to strengthen the European Union's cybersecurity framework. This collaborative stance underscores the critical balance between bolstering cybersecurity defenses and safeguarding individuals' personal data.

Overview of the Joint Opinion

The joint opinion addresses two key legislative proposals:

  • Cybersecurity Act 2 (CSA2): Aims to enhance the role of the European Union Agency for Cybersecurity (ENISA) and facilitate the adoption of cybersecurity certification schemes.
  • Amendments to the Network and Information Security 2 (NIS2) Directive: Seek to update and strengthen the existing NIS2 Directive to address emerging cybersecurity challenges.

EDPB Chair Anu Talus emphasized the interconnectedness of data protection and cybersecurity, stating, "The relationship between data protection and cybersecurity is reciprocal and deeply interconnected. While cybersecurity supports the protection of personal data by limiting the risks of unwanted access, modification, or unavailability of data, it is crucial to ensure that security controls are implemented in a way that does not undermine individuals’ fundamental rights and freedoms."

Similarly, EDPS Wojciech Wiewiórowski highlighted the importance of balancing effective cybersecurity measures with the necessity to limit personal data processing to what is strictly necessary. He welcomed the reinforced role of ENISA in promoting digital resilience, expressing hope that this new mandate would foster synergies between security and privacy.

Key Recommendations and Insights

The joint opinion provides several recommendations to ensure that the proposed legislative changes effectively enhance cybersecurity while respecting data protection principles:

  • Clarification of Certification Frameworks: The EDPB and EDPS call for clearer delineation between the European Cybersecurity Certification Framework and GDPR certification processes. They recommend that ENISA consult with the EDPB before adopting certification schemes related to personal data processing security.
  • Inclusion of General Workforce in Cybersecurity Skills Framework: The opinion suggests that the European Cybersecurity Skills Framework should not be limited to cybersecurity professionals but should also encompass general workforce profiles to promote a broader understanding of cybersecurity practices.
  • Establishment of a Single Entry Point for Data Breach Notifications: To reduce administrative burdens on organizations, the EDPB and EDPS support creating a unified mechanism for reporting personal data breaches, ensuring efficiency without compromising individual protection levels.
  • Designation of Essential Entities: The opinion welcomes the classification of providers of European Digital Identity Wallets and European Business Wallets as 'essential entities,' recognizing their critical role in the digital ecosystem.

These recommendations aim to create a robust cybersecurity framework that aligns with data protection standards, ensuring that security measures do not infringe upon individuals' rights and freedoms.

Implications for Organizations

Organizations operating within the EU should closely monitor these developments, as the proposed changes could significantly impact compliance obligations. Key considerations include:

  • Alignment of Certification Processes: Organizations may need to navigate and comply with both cybersecurity and data protection certification requirements, necessitating a comprehensive understanding of both frameworks.
  • Workforce Training and Development: Expanding cybersecurity training beyond specialized professionals to include the general workforce can enhance overall organizational resilience against cyber threats.
  • Streamlined Data Breach Reporting: The establishment of a single entry point for data breach notifications could simplify reporting processes, but organizations must stay informed about the specific requirements and procedures once implemented.
  • Recognition of Essential Service Providers: Entities designated as 'essential' under the amended NIS2 Directive will likely face additional compliance requirements and should prepare accordingly.

By proactively addressing these considerations, organizations can better position themselves to comply with the evolving EU cybersecurity landscape.

Conclusion

The joint opinion from the EDPB and EDPS marks a significant step toward enhancing the EU's cybersecurity framework while maintaining a strong commitment to data protection. As these legislative proposals progress, organizations must stay vigilant and adapt to new compliance requirements to ensure both security and privacy are upheld.

For more detailed information, refer to the official press release from the European Data Protection Supervisor: EDPB and EDPS Support Strengthening EU’s Cybersecurity and Easing Compliance While Protecting Individuals’ Personal Data.
