The European Standardization Organizations (ESOs) CEN, CENELEC, and ETSI, together with European Union Agency for Cybersecurity (ENISA), successfully co-hosted the 10th Cybersecurity Standardization Conference on 12 March 2026 in Brussels.
Marking the 10th anniversary of this flagship conference, the hybrid event brought together policymakers, industry leaders, researchers, and cybersecurity experts to discuss the evolving European cybersecurity landscape. Over the past decade, the conference has become an important platform for dialogue between these stakeholders, helping shape the role of standards in strengthening Europe’s cybersecurity framework.
The conference, titled “European Standardization Supporting New Legislative Cybersecurity Landscape,” explored the state of play of the global standardization ecosystem, the landscape of legislative proposals and how they affect standardization, updates on the Cyber Resilience Act (CRA), and the way forward for European standardization. The goal of the event was to facilitate collaboration and dialogue among stakeholders to strengthen the critical role of standards in supporting EU cybersecurity.
Key highlights of the conference included:
- Challenges and Opportunities for EU Standardization Activities:
The opening session examined the position of European standardization in the global ecosystem and discussed the opportunities and challenges ahead of the European Standardization Organizations (ESOs). Speakers explored how standards contribute to strengthening Europe’s strategic autonomy and enhancing cybersecurity resilience in an increasingly complex technological and geopolitical environment. While there is a call on ESOs to prioritize speed and increase the agility of the standardization system, panellists agreed that the consensus-based quality that European standards have relied on for decades should not be compromised. - Landscape of Legislative Proposals:
Participants discussed the rapidly evolving EU legislative framework and its implications for standardization activities. The session examined the increased reliance on harmonized standards to provide presumption of conformity and explored how much flexibility regulators should allow. Speakers also discussed the balance between high regulatory ambition and the need to keep implementation manageable for industry, especially for SMEs. - Standards for the Cyber Resilience Act:
A dedicated session focused on the role of standards in supporting the implementation of the Cyber Resilience Act. Experts discussed the timeline of CRA standards, the interplay between the CRA and other legislative acts like NIS2, the Digital Operational Resilience Act (DORA), and eIDAS, and the broader impact of the CRA on cybersecurity practices across industries. - Way Forward for European Standardization:
The closing discussion looked ahead to the future of standardization in Europe. Panellists agreed that the current version of Regulation 1025/2012 remains fit for purpose, and they discussed ways to speed up the work on technical specifications, as well as EU sovereignty and Europe being a point of reference globally when it comes to standardization.
The conference once again attracted strong interest from stakeholders across Europe, highlighting the growing importance of cybersecurity standardization in supporting a secure and resilient digital single market. ENISA, CEN, CENELEC, and ETSI would like to thank all speakers and participants for their valuable contributions and look forward to continued collaboration in advancing European cybersecurity standards.
For more information about the conference and future editions, please visit the event website.
