While the update mentions European Digital Identity Wallets and European Business Wallets as essential entities under NIS 2, the core focus is on cybersecurity governance, data protection frameworks, and ICT supply chain security rather than payment services regulation.
Low confidence — requires human review. The update references digital wallets in a cybersecurity/data protection context, but does not substantively regulate wallet issuance, safeguarding, or e-money operations.
Specialism
The update addresses cybersecurity infrastructure, ICT supply chain security, and ransomware attack reporting measures under the proposed Cybersecurity Act 2 and NIS 2 Directive amendments, which are core cybersecurity regulatory concerns.
The joint opinion emphasizes data protection safeguards in cybersecurity incident reporting and personal data breach notifications, making Data Protection a secondary consideration, though the primary focus remains cybersecurity infrastructure and resilience.
2026-04-17 08:05:42·adavies@vixio.com
Meta Id
3069599
Content ID
3078081
GUID
0e9b08ff8fdaa33d3c4969d61e3ed4e2
Pipeline Progress
🔄 Pipeline Journey
⏱
17s
total
✓
Queued08:05:25
+0s
✓
Metadata08:05:25
+0s
✓
S3 Content08:05:25
+2s
✓
Extracted08:05:27
+8s
✓
LLM Gen08:05:35
+7s
✓
Stored08:05:42
TITLE: European Union Data Protection Authorities Issue Joint Opinion on Cybersecurity Act 2 and NIS 2 Directive Amendments
BODY:
On 18 March 2026, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a joint opinion on the European Commission's proposals for a Cybersecurity Act 2 (CSA2) and amendments to the Network and Information Security 2 Directive (NIS 2 Directive). The proposals were formally consulted on 21 January 2026 following the Commission's issuance of the CSA2 Proposal on 20 January 2026.
The EDPB and EDPS support the proposals' general objectives to strengthen the European Union Agency for Cybersecurity (ENISA) role, facilitate cybersecurity certification uptake, and address information and communications technology (ICT) supply chain security risks. The authorities particularly welcome the establishment of a single-entry point for personal data breach notifications, which would reduce administrative burden for organisations without diminishing data subject protection.
The joint opinion provides specific recommendations across several areas. Regarding ENISA's cooperation framework, the EDPB and EDPS recommend adding the EDPS as an explicit requestor for cybersecurity advice under Article 5(1)(h) CSA2 and recommend amending Article 68 to explicitly reference the EDPS as a Union body for cooperation purposes. On the European Cybersecurity Skills Framework, they recommend expanding Article 19(2) to include profiles for general workforce and citizens, not exclusively cybersecurity professionals. For the European Cybersecurity Certification Framework, they recommend clarifying Article 80(1)(w) CSA2's relationship to GDPR certification requirements and requiring ENISA to consult the EDPB before adopting certification schemes.
The authorities welcome the designation of European Digital Identity Wallets and European Business Wallets providers as essential entities under the NIS 2 amendments, and support enhanced ransomware attack reporting measures. They recommend specifying applicable data protection safeguards in implementing acts addressing ransomware incident reporting.
REFERENCES:
European Data Protection Board and European Data Protection Supervisor Joint Opinion [4/2026] on the Proposal for a Cybersecurity Act 2 and the Proposal on amendments to the NIS 2 Directive, adopted 18 March 2026. Available at: https://www.edpb.europa.eu/