ECSO Ideas Reflected in EU Council’s Report on Regulatory Simplification

Last week, the Council of the European Union reflected in its report Balancing regulation and innovation in the technology-driven economy“, presented by the Polish Presidency ahead of the Transport, Telecommunications and Energy Council meeting on 6 June 2025, multiple challenges and recommendations identified by the European Cyber Security Organisation (ECSO) as part of the Streamlining Regulatory Obligations initiative.

The document features a wide range of ideas that ECSO has been developing in close collaboration with its community of cybersecurity experts, addressing key regulatory challenges and proposed actionable solutions across five critical areas: incident reporting, risk management frameworks, assessments and auditing, supply chain security, and conformity assessment.  

The ECSO Team shared their insights on multiple occasions, including through research, dissemination efforts, and structured dialogues with key players such as the Presidency’s High-Level Roundtable on Streamlining EU Digital Regulations, held on 10 April 2025 in Brussels.

First page of the report "Balancing regulation and innovation in the technology-driven economy" by the Polish Presidency of the EU Council.

Key Reflections of ECSO’s Input

Incident Reporting

ECSO’s call for a centralised European incident reporting platform and the use of API-based meta-platforms to streamline compliance was echoed in the Council’s recommendation. The Council also adopted ECSO’s emphasis on standardised formats and the “once-only” principle to reduce duplication.

Risk Management Frameworks

ECSO’s push for harmonisation to reduce compliance burdens for cross-border entities was taken into account, as the Council document reflects the proposal to encourage mutual recognition of national frameworks, acknowledging the fragmentation caused by divergent national implementations of NIS2.

Assessments and Auditing

ECSO’s attention to automated, machine-readable audit processes – including the adoption of the Open Security Controls Assessment Language (OSCAL) – was also referenced in the Council’s call to “automate security audits” and reduce reliance on manual, spreadsheet-based assessments.

Supply Chain Security

The Council’s recommendations to develop tiered supplier classification methodologies and baseline security controls align closely with ECSO’s proposals. The Council also acknowledged the administrative burden of overlapping supplier questionnaires.

Conformity Assessment

ECSO’s suggestion to reuse conformity outputs and enable automated, composition-based assessments was reflected in the Council’s support for “formats that allow for automation” and the reuse of evidence across legislative frameworks.

Regular Engagement for Europe’s Leadership

The alignment between ECSO’s recommendations and the Council’s document demonstrates the value of structured and constant stakeholder engagement and the importance of grounding policy in operational realities.

As the EU continues its journey towards a more streamlined cybersecurity regulatory landscape, ECSO remains committed to supporting the implementation of simplification measures and ensuring that cybersecurity remains a cornerstone of Europe’s leadership. 

About the Policy Analysis and Outreach Stream

The ECSO Policy Analysis and Outreach Stream delivers in-depth policy analysis to ECSO Members, helping them decode and act upon key European cybersecurity developments. The initiative involves close collaboration with EU policymakers and the integration of insights from both public and private sectors. By engaging with European and international stakeholders, it promotes meaningful dialogue for a structured, dynamic European cybersecurity landscape.

Cristian Michael Tracci

Senior Manager for Policy Analysis and Outreach

cristian.tracci[at]ecs-org.eu

Simona Kaneva

Manager for Policy Analysis and Outreach

simona.kaneva[at]ecs-org.eu

Angèle Billaud

Trainee, Policy Analysis and Outreach

angele.billaud[at]ecs-org.eu

Share this article on social media