Impact of new cybersecurity regulations on SMEs in digital services

Question for written answer E-002458/2024
to the Commission
Rule 144
Beatrice Timgren (ECR), Charlie Weimers (ECR), Dick Erixon (ECR)

The recent Directive (EU) 2022/2555[1] on cybersecurity, introduced by the Commission, establishes broad requirements for companies in online services - including DNS providers, cloud services, online marketplaces and social networking platforms - with specific stipulations for risk management, incident reporting and supply chain security. While these measures aim to strengthen network security across the EU, they pose significant financial and operational challenges, particularly for the small and medium-sized enterprises (SMEs) and micro-entities which are prevalent in the digital sector.

• 1.Given the high compliance costs and complex requirements detailed in the directive, what steps is the Commission considering to alleviate the regulatory and financial burdens on SMEs in the digital sector?
• 2.Does the Commission plan to provide specific resources or guidance tailored to help smaller firms fulfil these cybersecurity standards without undermining their operational viability and competitiveness in the global market?

Submitted: 7.11.2024

• [1] Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, OJ L 333, 27.12.2022, p. 80, ELI: http://data.europa.eu/eli/dir/2022/2555/oj.