The Digital Network Act and Cybersecurity Package – Towards a Europe’s Digital Decade 2030

Last week, the Commission published proposals that aim to respond to rapid technological change and an increasingly complex geopolitical situation. The Digital Network Act combines electronic communications regulations into a single EU framework, strengthening the internal market, online security, and investment. The Cybersecurity Package improves the EU’s ability to anticipate, prevent, and manage cybersecurity threats by streamlining regulations and securing supply chains.

The Digital Networks Act

The Digital Networks Act (DNA) was presented as a competitiveness measure in the European Commission’s Competitiveness Compass at the beginning of 2025. The Commission published its legislative regulation proposal on January 21st, 2026. The Digital Network Act establishes a more cohesive framework for the internal market by combining four existing regulations – European Electronic Communications Code (EECC), Body of European Regulators of Electronic Communications (BEREC), Radio Spectrum Policy Programme, and Open internet and net neutrality – into one regulation. Tech Commissioner Henna Virkkunen describes that the Commission’s goal is to establish a digital environment where new technologies are easily accessible and affordable and are based on fair and reliable rules that benefit people. For this reason, the Commission is proposing a regulation instead of a directive to ensure uniform application in the member states. A regulation is binding than a directive – regulation must be applied in its entirety across the EU.

The proposed regulation aims to improve network security and resilience. The proposal prioritizes reducing the administrative burden on companies and creating a clearer, more predictable operating environment. Reducing the administrative burden would free up capacity for innovation and investment.

The first step toward this goal is to create a unified digital passport system for service providers called the “Single Passport.” This system would enable service providers to access the entire EU market by notifying only one Member State’s regulatory authority of their intentions. These authorities would be required to approve these notifications in a short timeframe.

Ennustettavuuden, hallinnollisen taakan vähentämisen ja sääntelyn selkeyttämisen lisäksi DNA:ssa esitellään EU:n tason varautumissuunnitelma, jolla torjuttaisiin luonnonkatastrofien ja ulkomaisten tahojen verkkoihin ja radiosignaaleihin kohdistuvien häiriöiden kasvavia riskejä. Myös EU:n tason yhteistyötä halutaan kasvattaa ja ehdotuksessa esitelläänkin vapaaehtoisuuteen perustuva yhteistyömekanismi sektorin eri palveluntarjoajien sekä muiden toimijoiden välille.

The proposed legislation aims to accelerate the transition from copper networks to full fibre digital environment that serves the future requirements. It requires mandatory national transition plans and aims to achieve full fibre network coverage by 2030–2035. Strengthening digital networks will enable wider adoption of AI, cloud, space and other innovative technologies.

Cybersecurity Package

Key services and democratic institutions in Europe face cyber and hybrid attacks everyday. The first Cybersecurity Act was adopted in 2019, and on January 20th, 2026, the Commission published Cybersecurity Package that proposes amendments to this regulation. These revisions will enhance the security of the EU’s information and communication technology supply chains and strengthen the EU’s cyber resilience. The package mostly consists simplifying regulations to make enforcement easier.

The European Cybersecurity Certification Framework (ECCF) will be simplified and more transparent system that ensures products that enters the markets are cybersecurity-ready allready from the design stage onward. This voluntary certification system allows companies to demonstrate their compliance with EU legislation. The certificate guarantees a high level of security for citizens, businesses, and authorities and increases confidence in complex supply chains.

It is proposed that the role of the European Union Agency for Cybersecurity (ENISA) be strengthened. ENISA supports Member States, EU businesses, and other stakeholders in managing and preparing for cybersecurity threats. The agency is also responsible for establishing a single entry-point for entities to report incident in only one place as proposed in the Digital Omnibus. This measure will improve the EU’s ability to anticipate, manage, and respond to cyber threats.

The package also aims to strengthen the security of information and communication technology supply chains. Given the current geopolitical situation, supply chain security now includes not only the security of technical products or services, but also the risks associated with suppliers.

The update to the NIS2 Directive (Network and Information Security Directive), included in the Cybersecurity Package, will improve enforcement of cybersecurity obligations and strengthen cybersecurity. The NIS2 Directive has created a uniform minimum level of cybersecurity, and now targeted changes are being made to simplify it, increase legal clarity, and ensure more consistent implementation in Member States.

The proposed regulations will now be debated in Parliament. According to the standard legislative procedure, Parliament and the Council of the European Union will approve the Commission’s legislative proposals. According to current estimates, the final regulations will enter into force in spring 2027.