* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Public Sector](https://www2.paloaltonetworks.com/blog/category/public-sector/)
* European Commission Propo...

# European Commission Proposes Bold Steps on Cybersecurity

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F12%2Fpolicy-european-commission-cybersecurity%2F)  
[](https://twitter.com/share?text=European+Commission+Proposes+Bold+Steps+on+Cybersecurity&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F12%2Fpolicy-european-commission-cybersecurity%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F12%2Fpolicy-european-commission-cybersecurity%2F&title=European+Commission+Proposes+Bold+Steps+on+Cybersecurity&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2020/12/policy-european-commission-cybersecurity/&ts=markdown)  
\[\](mailto:?subject=European Commission Proposes Bold Steps on Cybersecurity)  
Link copied  
By [Sebastian Gerlach](https://www.paloaltonetworks.com/blog/author/sebastian-gerlach/?ts=markdown "Posts by Sebastian Gerlach")  
Dec 21, 2020  
7 minutes  
[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)  
[EU](https://www.paloaltonetworks.com/blog/tag/eu/?ts=markdown)  
[NIS 2](https://www.paloaltonetworks.com/blog/tag/nis-2/?ts=markdown)  
[policy](https://www.paloaltonetworks.com/blog/tag/policy/?ts=markdown)

Palo Alto Networks welcomes the European Commission's release on 16 December of a set of proposals related to cybersecurity, including a [new cybersecurity strategy](https://ec.europa.eu/digital-single-market/en/news/eus-cybersecurity-strategy-digital-decade) and a proposal for revision of the Directive on Security of Network and Information Systems ([NIS 2](https://ec.europa.eu/digital-single-market/en/news/proposal-directive-measures-high-common-level-cybersecurity-across-union)). The European Commission recognises that cybersecurity is essential to economic activity and growth, as well as to user confidence in online activities. It also understands that bold steps are needed to ensure that Europeans can securely benefit from innovation, connectivity and automation.

These documents are the result of extensive consultations with stakeholders and come at a critical time. Much has changed since the original NIS Directive was negotiated in 2016, and since the last major set of cybersecurity strategy and legislative proposals was released by the European Commission in 2017. All sectors of the EU's economy continue to become more digitally dependent and interdependent. Key changes include:

* There has been a huge expansion in the use of IoT devices by consumers and businesses, as well as in industrial settings such as manufacturing.
* The rollout of 5G has picked up speed.
* Most recently, the COVID-19 crisis has accelerated the digital transformation of many companies and governments, forcing them to conduct business remotely almost overnight, largely leveraging the cloud.

These and other changes have increased the level of critical risk to governments and industry. At the same time, cyber-threats continue to evolve and become more automated and sophisticated, with adversaries unfortunately taking advantage of the global health crisis to launch a [plethora of COVID-19-themed cyberattacks](https://unit42.paloaltonetworks.com/covid19-cyber-threats/?utm_source=marketo&utm_medium=email&utm_campaign=Digest%201254-2020-02-21T14:47:20.000-08:00&mkt_tok=eyJpIjoiTW1NeU9ESXhZelF4TXpNNCIsInQiOiI1UmRsRTVDWnhtOEdlcm9KSlZYdUpSM3l2TUpJTjN2S2kxdE9PNnBzSVM1M0lVamtqVjJlczNmazUyaUJCZ3NzWDBySnVJSjZ2akZvSXNWSVVweU11NGVhU1VHQTQxZFJUXC9TS0c2TGpOejFBT3RqeWtPa3h4U0o1V2U4VytiV3EifQ%3D%3D) in 2020.

We will be carefully reviewing this package of proposals in more detail in the coming weeks, but there are a few aspects worth commending based on an initial assessment.

## "The EU's Cybersecurity Strategy for the Digital Decade"

The new cybersecurity strategy includes a range of proposals to improve cyber resilience both in the EU and externally. The European Commission's proposal to build a network of **Security Operations Centres (SOCs)** across the EU that would**leverage artificial intelligence (AI) and machine learning** to improve threat and incident detection, analysis and response speeds is important and timely. Preventing successful cyberattacks manually with an ever-more-scarce specialised workforce, while the number of daily alerts is overwhelming security teams, makes the automation of SOCs inevitable.

We also support the **objectives and actions on 5G security,** which will be imperative to help mitigate new risks stemming from the growing attack surface that 5G network infrastructures will create. We particularly appreciate the call for ENISA and Member States to work with all stakeholders to better understand new 5G security technologies and capabilities as well as threats. The strategy's 5G security proposals build upon [related activities in the EU](https://www.paloaltonetworks.com/blog/2020/12/5g-security-in-europe/), including the EU's [5G Toolbox of Risk Mitigating Measures](https://ec.europa.eu/digital-single-market/en/news/cybersecurity-5g-networks-eu-toolbox-risk-mitigating-measures) and the latest ENISA publication, [5G Supplement to the Guideline on Security Measures under the EECC](https://www.enisa.europa.eu/publications/5g-supplement-security-measures-under-eecc) of 10 December 2020, which acknowledges that 5G's utilisation of new technologies like network virtualisation, network slicing and edge computing are prone to specific vulnerabilities that may require additional security controls.

We appreciate the proposal to **further develop Europol's role as the centre of expertise on cybercrime** to support national law enforcement authorities, as well as **increased funding and mandate for CERT-EU.** Both entities play critical roles supporting cybersecurity efforts throughout the EU. The focus on **improving cybersecurity of EU institutions, bodies and agencies**will be important to shield these organisations from cyberattacks.

Finally, we commend the emphasis on the **EU's international cooperation,** such as via cyber diplomacy in international relations, increased bilateral dialogues on cybersecurity, and cyber capacity-building in third countries. Cybersecurity threats are global, and effective policies to counter them also must be global.

Throughout the strategy, the Commission reinforces the importance of**cooperation with the multi-stakeholder community,** notably by regular exchanges with the private sector, academics and civil society. This approach is welcome and will be essential to developing these proposals that we have highlighted -- and others -- effectively.

## Proposal for the Revision of the NIS Directive (NIS 2)

As the Commission stated upon publishing the draft NIS 2, the original NIS Directive paved the way for significant changes in mindset and institutional and regulatory approaches to cybersecurity in many EU Member States. The proposed NIS 2 has a number of important elements.

We support the effort to **update and strengthen the NIS Directive's cybersecurity risk management requirements** with a list of focused measures. The emphasis on**incident prevention, detection and response; risk analysis** and**information system security policies; internationally accepted risk management standards; cybersecurity governance** and **supply chain security** are important and useful additions. Like their peers around the world, EU governments want more assurance regarding the integrity of the information and communications technologies (ICT) products and services that they, and the critical infrastructure entities in their countries, procure and use. The draft provides a very constructive approach for [supply chain risk management](https://www.paloaltonetworks.com/blog/2020/06/policy-supply-chain-best-practices/) -- guiding entities to consider the cybersecurity practices of their suppliers, including secure development practices -- and we encourage EU co-legislators to further build on these proposals, such as by promoting transparency in how companies manage risks to their supply chains and how ICT vendors, including in the 5G and IoT space, can demonstrate adherence to best practices.

We also support the intention to prepare **secondary guidance on these security requirements.** It is important to clearly inform businesses of the steps they can take to manage their cybersecurity risks. Our experience to date is that many companies do not know how compliant they are with NIS, nor even what criteria they should assess themselves against. Guidance will be crucial to ensuring consistent implementation of NIS 2, as well as to meeting the European Commission's goals to improve and align the security requirements across Europe. It will be important to involve stakeholders in the development of this guidance.

NIS 2 seeks to **promote voluntary cyberthreat information sharing** by directing Member States to ensure that entities covered by NIS 2 can share cyberthreat information among themselves to improve cybersecurity. European policymakers have long acknowledged the value of voluntary cyberthreat information sharing in understanding threats, protecting information and networks, and preventing successful cyberattacks. Leveraging the NIS Directive to promote more sharing and to address barriers that might preclude organisations from participating in voluntary threat-sharing relationships is very welcome.

Finally, we would like to highlight the proposal related to **domain names and registration data (WHOIS data).** Maintaining accurate and complete databases and providing lawful access to such data -- in compliance with EU data protection law insofar as it is related to personal data -- is essential to ensure the security, stability and resilience of the Domain Name System (DNS). WHOIS data plays a strong role in facilitating cybersecurity research, threat detection, analysis and mitigation, which in turn contributes to a high common level of cybersecurity within the EU.

## Next Steps for the European Commission's Cybersecurity Package

These are only some of the many important policies and activities proposed in the European Commission's cybersecurity package. We commend the European Commission for continuing to take steps to improve cybersecurity in the EU. As the European Commission stated in the new strategy, the EU's economy, democracy and society depend more than ever on security, reliable connectivity and digital tools. Palo Alto Networks looks forward to examining these proposals closely and providing more detailed analysis, and to working with the European Commission, European Parliament and European Council in the coming months to help them refine these proposals to best realise the goal of improving the EU's cybersecurity.

*Sebastian Gerlach is senior director, EMEA Policy, for Palo Alto Networks.*

*** ** * ** ***

## Related Blogs

### [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Improving National Security Through Secure AI](https://www2.paloaltonetworks.com/blog/2025/05/improving-national-security-through-secure-ai/)

### [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### 10 Cyber Recommendations for the Trump Administration](https://www2.paloaltonetworks.com/blog/2025/02/10-cyber-recommendations-trump-administration/)

### [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### A Security-First Approach to 6G](https://www2.paloaltonetworks.com/blog/2024/11/a-security-first-approach-to-6g/)

### [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown)

[#### Palo Alto Networks Joins EU AI Pact for a Secure Digital Future](https://www2.paloaltonetworks.com/blog/2024/10/joins-eu-ai-pact-for-a-secure-digital-future/)

### [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Palo Alto Networks Zero Trust Platform Featured in New NIST Guidance](https://www2.paloaltonetworks.com/blog/2024/08/zero-trust-platform-featured-in-new-nist-guidance/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Saudi Arabia's Cloud Computing Regulatory Framework v3](https://www2.paloaltonetworks.com/blog/2022/06/cloud-computing-regulatory-framework-v3/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language