EDPB and EDPS support strengthening EU’s cybersecurity and easing compliance while protecting individuals’ personal data | European Data Protection Board
While the update mentions European Digital Identity Wallets and European Business Wallets as essential entities under NIS2, the content is primarily about cybersecurity and data protection frameworks rather than payment services regulation.
Low confidence — requires human review. The update references digital wallets but focuses on cybersecurity governance and data protection rather than e-money issuance, safeguarding, or payment instrument regulation.
Specialism
The update addresses cybersecurity framework strengthening through CSA2 and NIS2 amendments, but the focus is institutional coordination and policy development rather than specific payment firm obligations; requires human review due to moderate confidence.
Data protection considerations are emphasized throughout, particularly regarding GDPR certification and personal data breach notifications, but the update is primarily about cybersecurity policy coordination rather than direct data protection rules; requires human review.
2026-03-19 13:02:02·adavies@vixio.com
Meta Id
2983656
GUID
247cae39af5918f30c5972bb88d4ed4c
Pipeline Progress
🔄 Pipeline Journey
⏱
12s
total
✓
Queued13:01:50
+0s
✓
Metadata13:01:50
+0s
✓
S3 Content13:01:50
+0s
✓
Extracted13:01:50
+5s
✓
LLM Gen13:01:55
+7s
✓
Stored13:02:02
TITLE: European Data Protection Board and Supervisor Support Strengthened European Union Cybersecurity Framework
BODY:
On March 19, 2026, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a joint opinion on the European Commission's proposals for a Cybersecurity Act 2 (CSA2) and targeted amendments to the Network and Information Security 2 (NIS2) Directive. The Commission published the cybersecurity package proposal on January 20, 2026, to strengthen cybersecurity across Europe while streamlining compliance for organisations.
The EDPB and EDPS support the general objectives of the CSA2 proposal, including strengthening the role of the European Union Agency for Cybersecurity (ENISA), facilitating cybersecurity certification uptake, and addressing risks to information and communications technology (ICT) supply chains. The authorities welcome ENISA's clarified support mechanisms and recommend that ENISA's advice be issued upon prior request from the EDPB to ensure clear coordination. They further suggest adding the EDPS as a possible requestor of advice from ENISA. The joint opinion emphasises that any additional measures adopted by ENISA's Management Board should be limited to technical details related to personal data processing and require prior consultation with the EDPS.
Regarding cybersecurity certification, the EDPB and EDPS recommend clarifying the scope of the European Cybersecurity Certification Framework and its relationship with General Data Protection Regulation (GDPR) certification. ENISA should consult with the EDPB before adopting certification schemes relating to personal data security. The authorities also support establishing a single-entry point for personal data breach notifications to reduce administrative burden. Additionally, they welcome the designation of European Digital Identity Wallets and European Business Wallets providers as essential entities under the NIS2 amendments.
The joint opinion underscores that cybersecurity and data protection are reciprocal and interconnected, emphasising that security controls must not undermine individuals' fundamental rights.