European Committee for Interoperable Systems

ECIS

ECIS is an international non-profit association founded in 1989 that endeavours to promote a favourable environment for interoperable ICT solutions.

Lobbying Activity

Response to Revision of the 'New Legislative Framework'

2 Sept 2025

We highly value the NLF as a key instrument of technical regulation. Working with harmonized European standards that are market relevant and market-driven and reflect the state of the art enables a comparatively simple, unbureaucratic, and stringent process for achieving compliance and demonstrating market surveillance. Standardization must always ensure requirements remain realistic and implementable. There is still a learning curve in this area, especially with the new regulations (AI Act, CRA) - proposed standards are not feasible in practice, may not be implemented in open source or can only be implemented with considerable additional effort, and in some cases go far beyond the legal requirements. The NLF is the core of the common European internal market. It has proven itself over decades as an instrument that functions simply and rigorously and can also respond quickly to innovations. Delays have been problematic since the ECJ ruling on James Elliott and other cases. It must be the clear goal for all involved that a standard is citable once it is completed. Conflicts must be clearly identified and resolved at an early stage. The HAS Consultants tool has not proven effective in this regard and must be reconsidered, ideally in favor of processes that provide for continuous monitoring of standardization by the administrations. Compatibility with global standards, especially international standards, is of utmost importance. The NLF mechanisms allow for this. Problems arise when standardization mandates are designed in such a way that the adoption of international standards is not easily possible.
The clear separation of responsibilities, whereby protection objectives are defined in the legal act while the formulation of technical implementation is entrusted to the standardization organizations within the framework of the European standardization public-private partnership, ensures that, through constant maintenance and the development of new versions of the standards, technical innovations are rapid, market-driven, and available to the entire European internal market. While the standardization organizations must improve their processes to eliminate bureaucracy and unnecessary process steps that have crept in over the years and to remain future-proof, consensus-based standardization is already the fastest way to provide widely accepted innovations for market access in regulated fields. All other alternatives are either slower or lack the element of broad consensus among all stakeholders. In general, new processes are needed in European standardization that are better adapted to the working methods and needs of the IT sector. These include direct involvement, greater transparency and openness, more agile working and coordination methods, etc. There must also be a clear place for the IT sector where IT standardization takes place. The current competition between CEN-CENELEC and ETSI is detrimental to the efficient and effective participation of experts. We generally see no major need for a fundamental revision of the NLF. The framework and instruments have proven their worth and should be retained. The changes should be introduced in a targeted manner as supplements to the current framework. As a result of the new EU regulations in the IT and software sector, particularly the AI Act, the CRA, the Data Act, a specific adjustment of the NLF is necessary to also cover the life cycle of products and technologies. The requirements for software are not limited to the placing of the technology on the market, but also cover the operation of the software. 
This requires that the terminology of the NLF be adjusted, also to be able to meaningfully distinguish between the manufacturer of the technology and the operator and their respective obligations.

Response to Amendment to the list of the state-of-the-art documents supporting the EUCC scheme

29 Aug 2025

Legal Certainty: The EU's ongoing omnibus initiative to simplify and clarify the regulatory landscape and address existing overlaps between regulations such as NIS2, DORA, and the CRA. Multiple incident reporting requirements between cyber regulatory schemes create complexity, legal ambiguity and reduce operational resilience.
International Recognition and Competitiveness: Mutual recognition: the EUCC should / must be internationally recognised and by the same token non-EU27 schemes that are equivalent recognised within the EU. Mutual recognition is important to remove de facto trade barriers and boost European competitiveness in overseas markets.
Vulnerability Management and Reporting: Under EUCC, certificate holders have to report vulnerabilities they identify. Under Common Criteria (CC) vulnerability reporting has been required, but has frequently not been enforced by all schemes in a consistent and uniform manner. A global approach to CVE registration is crucial and this as above should be aligned with the NIS2 thresholds and triggers. ECIS members' extensive experience and research can be shared to help move this forward.
Transitional Provisions and Technical Requirements: ECIS is prepared to share the technical/operational perspective of our members on the technical transition from older versions of Common Criteria (CC) to newer ones, such as the move from CC 3.1 to CC:2022. This transition will also be useful in aligning the CRA and EUCC.

Response to Revision of the Standardisation Regulation

18 Jul 2025

We strongly support the New Legislative Framework (NLF) and a European standardisation system (ESS) built on solid foundations and driven by a public-private partnership. We welcome that issues regarding the ESS are being addressed, and the European Commission should work with European Standards Organisations (ESOs) to improve the system. The basic direction and focus: a clear, lean legal framework with flexibility to constantly improve and adapt to market needs at the level of the implementation. We advise against regulating too much as this may have adverse effects on the functioning, the speed and the agility of the system. We note that this revision of Regulation 1025 comes at a point when a lot of standardisation work is needed and underway - this represents a risk if the revision is not effective. The IT sector needs its own place to do standardisation work. This place should be market-driven, based on customer demand with processes that are favourable for the IT sector in Europe. Currently there is competition between CEN-CENELEC and ETSI about where IT topics are addressed - this often leads to duplication of efforts and forces the IT sector to spread resources across different organisations. One solution - allow other leading IT standardisation fora/consortia such as OASIS, W3C, IETF, ECMA to be designated as an ESO. This would also enable European standards to be embedded and aligned with international standards - crucially important as the IT sector has a global footprint and fragmentation should be avoided. We recommend a call to the ESOs, supported by the EU, to establish favourable processes and a favourable environment for the IT sector. 
Such a favourable environment should consider:
- Link to ISO/IEC JTC 1
- Direct participation
- Free availability of standards
- Implementability in open source (given that it is the main development model for software)
- Interaction and partnering with leading IT standardisation fora/consortia (like OASIS, W3C, IETF, Ecma) and open source foundations
Creating such an environment, e.g. with a new pillar for IT standardisation in Europe, will require the acceptance of the EU, perhaps with a respective amendment of Annex I of Regulation 1025. We recommend that open source-focused organisations, including umbrella bodies and CRA type stewards of open source infrastructure, should be recognised under Annex III to strengthen their representation in standardisation processes. As regards common specifications, we are concerned about a lack of transparency and likely disconnect from international standardisation. Standardisation should remain a voluntary process. Common specifications will blur the lines and risk discouraging industry and other stakeholders to invest in standardisation and could become legally binding. Alternatively, EU institutions like JRC or ENISA should participate actively and on equal grounds with all other stakeholders, in areas of strategic relevance for the EU to drive standardisation - this would create a new basis of the PPP of European standardisation and should help to prevent a deadlock where standards are not available. However, a new agency is not required as it is not clear what the purpose would be for a new agency or what problem the new agency would address or solve. The European Commission already has this competence in the JRC, ENISA, today. It is a matter of empowering them to actively contribute to standards development. We note good experience with national regulators participating actively and even taking chair or editor positions.
In this context, we also support several points made in the Joint Statement on the Commission's proposal on Common Specifications.

Response to Digital Networks Act

11 Jul 2025

The "Digital Networks Act" (DNA) initiative presents opportunities for open source in telco modernisation with an increased use of cloud-native applications, GenAI, software-defined networks, and virtualized RAN.
Importance of Open Source in Telco Modernisation:
- Increased demand for Cloud-Native and Virtualized solutions: The DNA initiative aligns with the shift towards cloud and edge computing, and virtualization. Open source technologies like Kubernetes, OpenStack, and KVM are foundational to these transitions, accelerating adoption of modern infrastructures.
- Harmonisation and Single Market focus: The DNA's goal of a more integrated single market can facilitate the deployment and scaling of open source solutions by unifying standards and reducing country-specific certifications / barriers to innovation.
- Emphasis on Security and Resilience: Enterprise open source solutions contribute significantly to secure and resilient digital infrastructure due to their transparency and community-driven security practices.
- Challenges of over-regulation: A potential risk is that over-regulation in national implementations could constrain the flexibility of the global open source community.
Accelerating Telco Modernisation with Open Source: Objectives and Policy Options:
- Addressing Lack of Innovation and Investment / Barriers to Cross-Border Operation: Open source and cloud-native platforms enable faster innovation cycles and easier cross-border deployment by reducing CapEx/OpEx/TCO and accelerating service rollout, while also reducing vendor lock-in.
- Facilitating Technological Transformation (Cloud & Edge, Fibre, 5G): Open source is foundational to this transformation, with European telecommunication companies leveraging open source containerisation for 5G core network functions, edge deployments, and orchestrating legacy infrastructure. Open source will be indispensable for 6G adoption.
- Simplification and Harmonisation: Open source reduces complexity through standardised APIs and methodologies for network automation, streamlining operations across diverse national networks and reducing fragmented regulatory burdens.
Economic and Environmental Benefits:
- Economic Impact (Innovation, Investment, Competitiveness, SMEs): Adopting open source cloud-native solutions brings economic benefits by enabling new services, creating jobs, fostering a vibrant ecosystem for European SMEs, and lowering entry barriers for smaller players in the digital infrastructure.
- Environmental Impact (Sustainability, Efficient Use of Networks): Virtualized and cloud-native network functions on efficient open source platforms can lead to better energy utilization and a lower carbon footprint compared to proprietary, hardware-centric solutions.
Proactive Measures for Copper Switch-off: Cloud-native orchestration platforms can facilitate the migration of services from copper to fibre, ensuring smooth transitions and automated service provisioning.
Clarification of Open Internet Rules and Innovative Services: Open source platforms, with open APIs and high interoperability, foster innovation without infringing on Open Internet principles. New cloud-native telecom services should be discussed within regulatory clarity.
GenAI Integration: Open source AI/ML frameworks and models are increasingly used in telco operations for network optimization, predictive maintenance, security threat detection, and customer service, improving efficiency and reducing operational costs.
Governance (BEREC, RSPG): These bodies could use open source reference architectures and best practices to foster harmonized technical implementations across Member States, supporting enhanced EU governance.

Response to Technical description of important and critical products with digital elements

18 Apr 2025

Please find attached ECIS' response to this Call for feedback. Thank you and kind regards, ECIS

Response to Rules and conditions for the establishment and the operation of the interoperability regulatory sandboxes

13 Mar 2025

ECIS is an international, non-profit association of information technology companies founded in 1989. We promote a favourable environment for interoperable ICT solutions and actively represent our members on issues relating to interoperability and competition before European, international, and national fora. As a prominent industry association focused on all facets of interoperability, ECIS has meticulously followed and engaged in EU policy frameworks that promote interoperability and open source, such as the first being the EIF (European Interoperability Framework) back in 2004 and subsequent revisions (2010 and 2017) which, along with other policies (DIGIT open source strategy, ISA2, Horizon etc.) have taken an ever greater emphasis on putting open standards and open source into practice within the Public Sector. ECIS believes that the Interoperable Europe Act (IEA) further expands the EU's default-to-open policy with a binding robust legal framework for EU institutions and EU Member States to accelerate IT modernisation and enhance cross-border interoperability so as to improve public sector services. Apart from the economic benefits and efficiency gains, experience shows that interoperability and open source use and upstream contribution improves user centricity and positively affects public values, such as improving trust from citizens in their governments. ECIS strongly welcomes the IEA's open-by-default principles as well as the clarification to both promote European Union Public Licence (EUPL) while not excluding other open source licenses to enable and optimise a strong community engagement to not only assess and inspect the interoperability and security of solutions but also build out solutions with an upstream first perspective and then further harden into an enterprise product and support subscription for deployment into critical infrastructure.
Such regulatory sandboxes provide a useful opportunity to facilitate and accelerate both upstream and downstream deployment of open source solutions and thereby optimise high hygiene with regards to interoperability and thus public sector's choice of IT provider and thus digital autonomy regardless of parentage of the company providing the open source solutions.

Response to Rules specifying the obligations laid down in Articles 21(5) and 23(11) of the NIS 2 Directive

24 Jul 2024

Please see attached ECIS response to the public consultation on the implementing act under Articles 21 and 23 of the NIS2 Directive.

Response to Data Act (including the review of the Directive 96/9/EC on the legal protection of databases)

13 May 2022

The European Committee for Interoperable Systems ("ECIS") is an international, non-profit association of information technology companies founded in 1989 which endeavours to promote a favourable environment for interoperable ICT solutions. For three decades ECIS has actively represented its members on issues relating to interoperability and competition before European, international, and national fora, including the EU institutions and WIPO. ECIS' members include both large and small information and communications technology hardware and software providers, including IBM, McAfee, Opera, Oracle, and Red Hat. For further information, please see ECIS' website at www.ecis.eu. ECIS' views on the proposal for the Data Act can be found in the attached document.

Response to Standard Essential Patents

9 May 2022

The European Committee for Interoperable Systems ("ECIS") is an international, non-profit association of information technology companies founded in 1989 which endeavours to promote a favourable environment for interoperable ICT solutions. For three decades ECIS has actively represented its members on issues relating to interoperability and competition before European, international and national fora, including the EU institutions and WIPO. ECIS' members include both large and small information and communications technology hardware and software providers, including IBM, McAfee, Opera, Oracle, and Red Hat. For further information, please see ECIS' website at www.ecis.eu. ECIS wishes to share its expertise in the paper attached.

Meeting with Vivian Loonela (Cabinet of Vice-President Andrus Ansip)

15 Nov 2017 · Cybersecurity

Meeting with Stig Joergen Gren (Cabinet of Vice-President Andrus Ansip)

15 Nov 2017 · copyright, free flow of data

Meeting with Carl-Christian Buhr (Cabinet of Commissioner Mariya Gabriel)

4 Oct 2017 · European cybersecurity

Meeting with Julie Ruff (Cabinet of Commissioner Julian King)

21 Sept 2017 · Cybersecurity

Meeting with Severine Wernert (Cabinet of Commissioner Julian King)

12 Jun 2017 · Cybersecurity

Meeting with Vivian Loonela (Cabinet of Vice-President Andrus Ansip)

8 Jun 2017 · cybersecurity certification

Meeting with Bodo Lehmann (Digital Economy) and IBM Corporation and

1 Jun 2016 · cPPP

Meeting with Michael Hager (Digital Economy)

14 Oct 2015 · cloud and DSM