Response to the Commission consultation on the Digital Fitness Check

FESE responded to the European Commission's Consultation and Call for Evidence on the Digital Fitness Check (here).

We support the Commission's efforts to simplify digital regulations and reduce administrative burdens for businesses, citizens, and public authorities. From the FESE perspective, we observe several overlaps between sector-specific legislation such as DORA and horizontal regulation such as the NIS 2 Directive and the Cyber Resilience Act. We have long supported the use of DORA as the reference framework for ICT security in the financial sector, and we therefore welcome recital 16, which recognises that DORA constitutes lex specialis to the NIS Directive. However, we would recommend ensuring consistency when streamlining all horizontal legislation. Our response further elaborates on areas of overlap between DORA, NIS 2, the Cyber Resilience Act, and other relevant rules.

Digital Omnibus

While further simplification would have been beneficial, we welcome the introduction of a Single Entry Point for incident reporting across multiple legislative frameworks, including DORA, the NIS 2 Directive, eIDAS, CER, and the GDPR, as a positive step towards streamlining reporting obligations.

Cybersecurity Package

We acknowledge ENISA's important role in strengthening the EU's cybersecurity landscape. At the same time, we caution that an excessive reinforcement of its powers could create concentration risks and may affect the EU's attractiveness for non-European service providers, including global cloud service providers. We therefore underscore the importance of ensuring that governance arrangements strike an appropriate balance between effective oversight and the preservation of an open, competitive and non-discriminatory internal market.