EU Commission’s Focus on Cyber and Supply Chain Security
In close collaboration with security experts across European industry and international partners, the European Commission is working to secure the supply chain by following secure-by-design principles.
“I believe we’ve launched the biggest standardization request ever for this specific piece of legislation,” said Christiane Kirketerp de Viron, referring to the EU’s Cyber Resilience Act, at the TechNet International 2025 conference held in Brussels.
De Viron currently serves as the acting director at Digital Society, Trust and Cybersecurity for the European Commission’s Directorate General for Communications Networks, Content and Technology, or DG CONNECT.
“We set a framework for all companies that want to sell any kind of hardware or software in the union that they have to do secure by design,” de Viron said. Every product development stage must incorporate a security element, she added.
“That also means that once you place your product on the market, you can’t just drop it and forget about it. You have to do the security updates; you have to provide the patches; you have to help your users actually make sure that this is a secure product.”
The approach is an opportunity for strategic partnerships with the defense industry, she stated.
De Viron’s office has also drawn on lessons learned from the war in Ukraine to work on response capabilities.
“It has taught us a lot about the need to actually have additional capabilities ready,” she said. Therefore, DG CONNECT is in the process of developing a mechanism to allow trusted private providers to serve as backups during moments of crisis for member states or associated countries such as Ukraine.
Additionally, the EU released its Action Plan on Cable Security, which was driven by last year’s Baltic Sea cable disruptions. The plan leverages readily available European tools, de Viron said.
“Whether they are on purpose or not, the effect is the same when it comes to our data infrastructure, telcom infrastructure, electricity, etc.,” she stated.
“We’re also working now with member states around the concept of cable hubs, which is about bringing different data points together to have better situational awareness.
The work is an obvious link to NATO, de Viron suggested, as strategic discussions around technological investments with the alliance continue.
De Viron also stressed the importance of supply chain security.
Since 2020, the European Commission has been eagerly promoting its IT toolbox to ensure full implementation across all member states, de Viron stated.
“It’s an unacceptable risk to have these specific high-risk vendors,” she said, specifically noting the telecom infrastructure.
This year has seen the European Commission release three other strategic initiatives.
First, a white paper on defense, Readiness 2030 outlines cyber as the fifth domain, Edit Komaromi said.
Komaromi is the team leader for hybrid threats in Unit A3 at the EU's Directorate-General for Defence Industry and Space, or DG DEFIS.
Additionally, the preparedness strategy supports member states as they meet emerging threats.
Finally, an internal security strategy addresses hybrid threats, she highlighted.
Komaromi also shared the level at which cybersecurity is prioritized among her team. "Our defense commissioner was explicitly asked by our president to develop measures to counter cyber attacks and hybrid threats," she stated.
TechNet International is organized by AFCEA Europe, AFCEA International's European office. SIGNAL Media is the official media of AFCEA International.