EU telecommunications ministers are set to review progress on a proposed cybersecurity package at the Transport, Telecommunications and Energy (TTE) Council meeting on June 9, with discussions centered on strengthening the bloc’s cyber resilience, securing ICT supply chains, and reinforcing the role of the EU Agency for Cybersecurity (ENISA). The EU Council detailed a package, which includes a proposed update to the EU Cybersecurity Act, designed to support the Union’s strategic autonomy while simplifying cybersecurity certification schemes and selected provisions of the NIS2 Directive.
The cybersecurity discussions form part of a broader EU effort to build more secure and resilient digital infrastructure as cyber threats continue to target critical sectors across Europe. According to the Council, the proposed measures aim to enhance resilience, improve cross-border cooperation, and strengthen trust in digital networks and services, while supporting the development of cybersecurity skills and the implementation of EU cybersecurity legislation.
In a background brief released on Thursday, the EU Council identified that the presidency will present progress reports on the Digital Networks Act and the EU cybersecurity package, while ministers are expected to adopt conclusions on both the maritime industrial strategy and the EU ports strategy.
The Digital Networks Act aims to accelerate the development of robust, high-speed, secure, and advanced digital network infrastructure across the European Union to support the bloc’s digital transformation agenda. The proposal seeks to facilitate cross-border business operations, encourage investment in next-generation connectivity, strengthen competitiveness and resilience, and advance a more integrated digital single market.
The proposed legislation would consolidate several existing regulatory frameworks into a single regulation comprising 210 articles and 416 recitals. It would merge provisions currently covered by the European Electronic Communications Code (EECC), the Body of European Regulators for Electronic Communications (BEREC) Regulation, the Radio Spectrum Policy Programme (RSPP), the Open Internet Regulation (OIR), and the ePrivacy Directive.
“The proposal on the cybersecurity package includes a proposal for a revised cybersecurity act, known as the CSA2, and a directive with targeted amendments to the NIS2 Directive,” the brief detailed. “It aims to contribute to several key political priorities, including the strategic autonomy of the EU (in particular the provisions on ICT supply chain), resilience (through the strengthening of ENISA) and the simplification agenda (simplification of the certification schemes and of some provisions of the NIS2 Directive).”
It added that an important part of the proposal on the revised cybersecurity act is a new Union-level trusted ICT supply chain security framework, aiming at reducing cybersecurity risks in ICT supply chains.
Presented alongside the maritime industrial strategy, the EU ports strategy underscores the growing strategic importance of Europe’s ports, which handle 74% of goods entering and leaving the EU and serve approximately 395 million passengers each year. Beyond their traditional role as trade gateways, ports are increasingly functioning as critical hubs for energy distribution, defense operations, industrial activity, and innovation. At the same time, they face mounting challenges from global competition, organized criminal activity, and growing spectrum of cyber threats targeting critical infrastructure.
In April, Europol published its annual Internet Organised Crime Threat Assessment (IOCTA), outlining how the cybercrime landscape has evolved over the past 12 months, with a focus on emerging threats and shifting criminal tactics. Ransomware remains a dominant threat across the EU, with more than 120 active ransomware brands observed by Europol in 2025. Criminal actors continue to exploit vulnerabilities in the digital supply chain and employ increasingly sophisticated social engineering techniques.
