EDPB and EDPS support strengthening EU’s cybersecurity and easing compliance while protecting individuals’ personal data
New governance development detected from EDPB News. Brussels, 19 March 2026 – The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a Joint Opinion on the European Commission’s proposal…
What happened
The latest EDPB publication sets out a development that is directly relevant to governance operators. Brussels, 19 March 2026 – The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a Joint Opinion on the European Commission’s proposal for a Cybersecurity Act 2 (CSA2) and the proposal on amendments to the Network and Information Security 2 (NIS2) Directive. The Commission published a cybersecurity package proposal to further strengthen cybersecurity in Europe while making compliance with cybersecurity laws easier for organisations.
Why it matters
This matters because it changes what privacy teams, platform owners, or product leaders should treat as a real operating constraint. It is a direct signal about how compliance and policy expectations are being translated into implementation work.
Assessment
The strongest signal here is operational direction: this is about turning guidance or policy into concrete expectations. In practice, that means cloud-adjacent control planes, shared services, and inherited trust assumptions deserve more scrutiny than many organisations currently give them.
Recommended actions
- Check whether cloud services, connectors, or shared administrative paths create avoidable trust-boundary risk
- Translate the development into specific ownership, policy, and evidence requirements instead of leaving it as background policy tracking
- Monitor follow-on reporting or primary-source updates for scope expansion, implementation guidance, or stronger enforcement signals