Invitation for submission of opinions on the proposal for the Cybersecurity Act (Cybersecurity Act 2 – CSA 2)

The National Cybersecurity Authority (NCA) and the General Secretariat of Telecommunications and Post (GSTP) of the Ministry of Digital Governance announce the conduct of a public consultation regarding the proposal for a Regulation of the European Parliament and the Council amending Regulation (EU) 2019/881, known as the "Cybersecurity Act 2" (CSA 2), which was presented by the European Commission on January 20, 2026.
https://digital-strategy.ec.europa.eu/en/library/proposal-regulation-eu-cybersecurity-act

The CSA 2 proposal aims to enhance the resilience of the European Union against advanced cyber threats and to ensure the supply chain of Information and Communication Technologies (ICT). The main axes of the proposal include:

1. Supply chain security: Establishing criteria for identifying high-risk suppliers in critical sectors.
2. Enhanced role of ENISA: Upgrading the operational capabilities of the Agency for market monitoring and vulnerability management.
3. European certification schemes: Accelerating the adoption of common certification standards for cybersecurity products and services.
4. Interaction with the NIS2 directive: Harmonizing technical requirements with the Network and Information Security Directive.

The Ministry of Digital Governance invites all interested parties (ICT service providers, the cybersecurity industry, the academic community, and public bodies) to submit their comments and observations. Particular emphasis is placed on the following points:

1. Impact of European certification schemes and new compliance requirements on Greek businesses (especially SMEs)
2. Framework for evaluating high-risk suppliers and defining trusted vendors in ICT equipment and services.
3. Obligations for risk management, cybersecurity measures, and reporting for Greek businesses, in conjunction with CSA 2, NIS 2, and the national framework.

Interested parties are invited to send their views electronically to the addresses info@cyber.gov.gr and ggtt@mindigital.gr by May 25, 2026 New deadline: May 29, 2026.

The results of the consultation will be taken into account for the formulation of the national position in the competent bodies of the Council of the European Union.