AIOTI WG Policy provided a response to the Cybersecurity Act
In the response, AIOTI welcomes the revised Cybersecurity Act (CSA2) as a positive step toward strengthening cybersecurity across the European Union through greater harmonization, standardized certification schemes, and internationally recognized technical standards. The organization emphasizes that cybersecurity frameworks should remain based on objective, measurable, and technically verifiable criteria rather than non-technical risk considerations that could create fragmentation among Member States.
AIOTI advocates for harmonized EU-wide cybersecurity baselines, initially through recommended measures and progressively through mandatory safeguards adapted to different sectors and critical infrastructures, while ensuring proportional obligations for SMEs. The response also highlights emerging cybersecurity risks linked to advanced AI systems, stressing the need for robust governance, ethical safeguards, continuous testing, human oversight, and accountability mechanisms.
Drawing parallels with Corporate Social Responsibility (CSR) reporting frameworks, AIOTI proposes a transparency-based cybersecurity approach focused on mandatory disclosure of cyber risks, governance structures, and risk management practices rather than rigid technical prescriptions.
Finally, AIOTI supports open, technology-neutral European and international standardization processes and underlines that ENISA’s role should remain advisory rather than extending into drafting technical specifications.
