15 November 2024

On 5 November, the European Internet Forum organised a debate to discuss the implementation of the NIS2 Directive. The event brought together policymakers and industry leaders to explore opportunities and challenges in bolstering Europe’s cybersecurity landscape.

Cybersecurity - NIS2 implementation

Bart Groothuis MEP’s remarks centered on the necessity of proactive measures in cybersecurity, with particular attention drawn to logging and telemetry systems for critical infrastructure. Lessons from Ukraine’s approach to cyber defense were highlighted, emphasizing the importance of correlating data between private and public sectors. Internet governance was also addressed, with a warning issued about the risks posed by adversarial geopolitical actions, including those of China.

A practical lens on cybersecurity incidents was offered by Marnix Dekker of ENISA, who categorized threats into short-term operational issues and longer-term espionage risks. The value of partnerships between authorities and private operators was stressed, alongside the recommendation of near-miss reporting to enhance transparency. Broad applicability of the NIS2 Directive to ICT and critical sectors was presented as a key aspect of the legislative framework.

Johan Klykens emphasized the importance of coordinated regulatory approaches and showcased Belgium’s “Cyber Fundamentals” as a foundational model for EU-wide implementation. It was argued that the Cybersecurity Act (CSA) should undergo a thorough review to address inefficiencies, particularly in balancing technical and political decision-making in certification schemes. Multi-factor authentication (MFA) was presented as a vital yet simple tool for mitigating threats.

The complexities of supply chain vulnerabilities were underscored by Mike Nichols, who detailed examples where third-party cyber incidents disrupted critical business operations. The role of harmonized standards and more specific guidance for companies was stressed, with small and medium-sized enterprises identified as particularly at risk. A call for faster regulatory enforcement and enhanced supervision of supply chain cybersecurity was made.

Sara Bussiere from Orange addressed the importance of proportional implementation of NIS2, emphasizing the need for clarity and harmonization across the EU to avoid operational inefficiencies. Issues such as cloud sovereignty and cyber ratings were brought forward, with an appeal for stronger collaboration between industry and policymakers to ensure comprehensive and effective cybersecurity strategies.

The discussion concluded with consensus on the urgency of accelerating NIS2 implementation, fostering public-private cooperation, and creating harmonized standards to enhance Europe’s cyber resilience and security posture.