April 2026 – We are pleased to share our latest overview and critical analysis of the European cybersecurity reform, Cybersecurity Act 2.0 (CSA2).
This overview examines one of the most significant proposed shifts in the EU’s digital regulatory framework since the adoption of the original Cybersecurity Act. It outlines the key elements of the European Commission’s proposal, including the expansion of ENISA’s mandate, the centralisation of certain cybersecurity competences at EU level, and a harmonised framework addressing “non-technical risks” linked to third-country suppliers.
The analysis also highlights the potential impact of CSA2 on Member States’ sovereignty, public procurement, certification schemes, and the broader business environment, as well as the financial and operational consequences for market participants, particularly in light of the proposed “high-risk vendor” designation and mandatory phase-out requirements.
Through this overview, we aim to provide stakeholders and market participants with a clear understanding of the evolving cybersecurity landscape in the EU, the challenges arising from CSA2, and its potential implications across jurisdictions, with a specific focus on Croatia and Hungary.
Click on the image below or use the following link to read the full overview in English.
