On 2 December 2024, the Council of the European Union (EU) adopted amendments to the Cybersecurity Act (EU) 2019/881 as regards managed security services. The intended amendments would facilitate the introduction of European cybersecurity certification schemes specifically for managed security services. The amendment would be an extension to the existing coverage of the Cybersecurity Act, which already includes certification for information and technology (ICT) products, ICT services, and ICT processes. The Amendments acknowledge the growing significance of managed security services in preventing, detecting, responding to, and recovering from cybersecurity incidents. These services may include activities such as incident management, penetration testing, security assessments, and technical support consulting.
Original source