International Information System Security Certification Consortium, Inc.

ISC2

ISC2 is a global non-profit association for cybersecurity professionals focusing on workforce development.

Lobbying Activity

Response to Report on the review of the Digital Decade Policy Programme

18 Dec 2025

Please find attached ISC2's position paper for the Call for Evidence on the review of the Digital Decade Policy Programme 2030. This submission supports the programme's objectives while advocating for explicit cybersecurity skills sub-targets in the digital skills pillar, backed by dedicated MFF funding to address workforce gaps and regulatory demands. We appreciate the opportunity to contribute and remain available for further engagement.

ISC2 urges dedicated skills pillar in EU Quantum Act

15 Dec 2025
Message — ISC2 recommends a dedicated skills pillar to scale the European Quantum Skills Academy and talent-mobility. They also urge integrating the Post-Quantum Cryptography Roadmap to secure today's digital infrastructure. The group suggests aligning quantum-related competencies with existing cybersecurity frameworks and professional certifications.
Why — This would increase the market demand for ISC2’s professional cybersecurity training and certifications.

Response to EU Space Law: Union law for safe, secure and sustainable space activities

4 Nov 2025

ISC2 is pleased to share its feedback on the EU Space Act. Please find the complete response in the attached document.

ISC2 urges simplified EU incident reporting rules

14 Oct 2025
Message — ISC2 advocates for a 'report once' system with a single entry point. They propose using standardized templates to eliminate duplicate compliance work.
Why — This reform reduces administrative strain and allows faster recovery from attacks.

Response to Revision of the Standardisation Regulation

18 Jul 2025

ISC2 welcomes the Commission's initiative to revise the Regulation (EU) No 1025/2012 to enhance EU competitiveness, innovation, and global standard-setting. We propose three recommendations to build a more inclusive standard-setting ecosystem, facilitate effective regulatory compliance, and strengthen cybersecurity, aligning with the EU's Standardisation Strategy and Digital Decade goals.

1. Expand Standardisation Requests to International Bodies

The current Regulation limits standardisation requests to the three European Standardisation Organisations (CEN, CENELEC, ETSI). ISC2 encourages the Commission to expand this scope to include international bodies, notably the International Organization for Standardization (ISO). Enabling the Commission to rely on the work of internationally recognised bodies would streamline and accelerate the development of standards, enhance interoperability, and simplify compliance for businesses operating across jurisdictions. Expanding the scope to international bodies would also increase the potential for global market adoption of EU-led standards, supporting both European competitiveness and international influence.

2. Develop Harmonised Standards for Cybersecurity Skills

ISC2 recommends extending harmonised standards to include cybersecurity skills. Currently, the EU has developed or initiated harmonised cybersecurity standards for ICT products and services. However, no equivalent standards exist for defining the competencies required of cybersecurity professionals. Developing dedicated standards for cybersecurity skills will help to clarify the personnel requirements for implementing various EU regulations, including NIS2, DORA, and CRA. Furthermore, this would ensure alignment with globally recognised workforce assessment and development initiatives as well as the competency standards required for effective compliance with these regulations across Member States. It could also operationalise the European Cybersecurity Skills Framework (ECSF), which aims to standardise cybersecurity roles and competencies. This would facilitate consistent training, improve cross-border recognition of qualifications, and help address workforce shortages by aligning education, professional certification, and recruitment practices throughout the Union.

3. Mandate a Structured Review of Existing Standards

ISC2 also recommends explicitly embedding a requirement in the revised Regulation for the Commission to conduct a structured review of existing standards and widely adopted industry practices before launching new standardisation requests. This step, not currently required under Regulation (EU) No 1025/2012, would reduce duplication, ensure relevance, and allow new standards to build on proven frameworks already in use. This is particularly important in cybersecurity, where existing global standards (e.g. ISO/IEC 27001) are widely implemented. A formalised, early-stage review mechanism would strengthen the quality, acceptance, and uptake of harmonised standards across the EU.

Together, these recommendations would improve the speed, inclusiveness, and international relevance of EU standardisation processes, while supporting EU objectives in cybersecurity workforce development, resilience, and industrial competitiveness.

Meeting with Despina Spanou (Principal Adviser Communications Networks, Content and Technology)

25 Mar 2025 · Commission priorities on cybersecurity, and in particular the future of the Cybersecurity Skills Academy

Meeting with Jana Dabbelt (Cabinet of Commissioner Olivér Várhelyi)

25 Mar 2025 · Action Plan on the cybersecurity of hospitals and healthcare providers

Meeting with Aura Salla (Member of the European Parliament)

25 Mar 2025 · Introductory meeting, cyber security, priorities for the legislative term

Meeting with Max Uebe (Cabinet of Executive Vice-President Roxana Mînzatu)

24 Mar 2025 · Cybersecurity and skills

Meeting with Max Uebe (Cabinet of Executive Vice-President Roxana Mînzatu)

24 Mar 2025 · Presentation of ISC2 and exchange of views

Meeting with Brigitte Van Den Berg (Member of the European Parliament)

24 Mar 2025 · skills and certifications

Meeting with Marina Kaljurand (Member of the European Parliament)

1 Oct 2024 · Cyber skills

Meeting with Maximilian Strotmann (Cabinet of Commissioner Johannes Hahn)

30 Apr 2024 · public sector cybersecurity, data policies, digital transformation, GovTech

Meeting with Nora Bednarski (Cabinet of Commissioner Helena Dalli)

26 Sept 2023 · Exchange on ISC2 initiatives to boost diversity, gender equality and inclusion in the cybersecurity profession and related EU equality and employment policies.

Meeting with Christoph Nerlich (Cabinet of Commissioner Nicolas Schmit)

25 Sept 2023 · Meeting on cybersecurity skills.

Response to Evaluation of the European Union Agency for Cybersecurity (ENISA) and the European Cybersecurity Certification Framework

12 Sept 2023

ISC2 is the world's leading nonprofit member organization for cybersecurity professionals focused on building a safe and secure cyber world, with over 500,000 members, associates, and candidates globally, including 60,000 in Europe [1]. As a Permanent Observer on ENISA's Ad hoc Working Group [2] on the European Cyber Security Skills Framework (ECSF) and a strong supporter of ENISA's mandate, ISC2 welcomes this opportunity to outline ENISA's strengths and its positive impact on driving a high common level of cybersecurity across the EU.

Broad engagement across the cybersecurity ecosystem

ENISA uses topic- and area-specific working groups to effectively engage and foster collaboration amongst a diverse community of stakeholders from industry, academia, and public sector, across the EU Member States, and internationally.

Key channel for cybersecurity policy engagement and influence

Resulting from ENISA's prestige and credibility, both in the EU and globally, and its role as convenor of dialogue and collaboration across the cybersecurity ecosystem, it offers a well-recognised, central channel for all interested parties to inform, shape and support cybersecurity policy in the EU.

Harmonisation of standards

ENISA serves a significant role by responding to the need for transnational frameworks and common lexicon through its cybersecurity certification schemes [3]. These schemes enable EU-wide recognition of cybersecurity solutions. For example, the ECSF [4] has the potential for blueprinting and transforming cybersecurity teams across the EU. ISC2's research shows that harmonisation of standards is paramount to simplifying the landscape and achieving scale in cybersecurity capabilities [5]. It is, however, acknowledged that there are limits to the extent to which ENISA can mandate actions of Member States, resulting in some complexities and barriers in achieving trans-EU harmonisation.

Forward looking

By leading the expansion of cybersecurity requirements into the lifecycle of products and services, ENISA has demonstrated its readiness to respond to a changing technological landscape. ENISA's work on IoT, 5G standards and security, and post quantum integration are other examples of its future-oriented focus. ISC2 recommends that ENISA remain future-oriented and continues to maintain and build its international collaborations. As ENISA's remit grows in the context of current and new legislations [5,6], ISC2 calls for capacity and resourcing within ENISA to be commensurate with its increasing mandate. ENISA is, as is the whole of the EU, dependent on having a large and skilled cybersecurity workforce to succeed in its overall goal of ensuring a high level of network and information security within the EU.

ISC2 is proud to collaborate with ENISA and contribute to its important objective of strengthening the cybersecurity sector across the EU. With a current cybersecurity workforce gap of 260,000 individuals [8], ISC2 is committed to working with ENISA to expand and enhance the cybersecurity workforce both within ENISA and across the EU.

References:
1. ISC2 Membership. https://www.isc2.org/Insights/2023/08/ISC2-Announces-Major-Milestone-as-Community-Grows-to-Half-a-Million-Strong
2. ENISA Ad hoc Working Group on ECSF (2023-2025). https://www.enisa.europa.eu/topics/education/european-cybersecurity-skills-framework/adhoc_wg_calls_skills_2023
3. ENISA Cybersecurity Certification Schemes. https://certification.enisa.europa.eu/
4. ECSF. https://www.enisa.europa.eu/publications/european-cybersecurity-skills-framework-role-profiles
5. ISC2 research on global cyber policy. https://static.rusi.org/rusi-global-approaches-to-cyber-special-resource_0.pdf
6. EU Cyber Resilience Act. https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
7. EU Cyber Solidarity Act. https://digital-strategy.ec.europa.eu/en/policies/cyber-solidarity
8. (ISC)² 2022 Cybersecurity Workforce Study. https://www.isc2.org/Research/Workforce-Study

Response to Cyber Solidarity Act

17 Jul 2023

(ISC)² is an international nonprofit membership association focused on building a safe and secure cyber world. Our association has almost 500,000 members, associates, and candidates, globally, including 60,000 in the EU. (ISC)² recognises the importance of building baseline cybersecurity practices across the EU to make organisations more cyber resilient and better protect individuals.

The Cyber Solidarity Act's proposal of building a network of national and cross-border security operation centres and establishing a Cybersecurity Reserve of managed security service providers will enhance the capacity of Member States to detect and respond to cybersecurity incidents. The Commission's aim of pooling resources across Member States and building private-public partnerships to bolster collective cyber defense is a mainstay of many jurisdictions. Examples include the Cyber Incident Response scheme in the UK [1], and the national information sharing structures in the U.S. [2] The Commission's efforts are especially important in the current European context where the demand for cybersecurity professionals is outpacing supply, leaving a workforce gap of 260,000 individuals, and exposing organisations in Europe to cyberattacks due to lack of time for proper risk assessment, inefficiencies in patching critical systems, and misconfigured systems [3].

(ISC)² supports the requirements for interoperability and standardisation across entities participating in the European Cyber Shield and the EU Cybersecurity Reserve achieved through a common taxonomy, terminology, and consistent processes. (ISC)² encourages the Commission also to consider the competencies of the personnel in the participating entities through the same lens of standardisation.

The draft legislation states that providers will need to demonstrate that their personnel have the highest degree of professional integrity, independence, responsibility, and the requisite technical competence to perform the activities in their specific field. (ISC)² supports these requirements and contends that the legislation will be more effective if the personnel in these roles are required to have a baseline knowledge using industry certifications that comply with internationally recognised quality assurance controls such as ISO/IEC 17024. This will give EU legislators even greater confidence in providers' expertise and enable personnel to converse more effectively across functions and Member States.

(ISC)² recommends mapping the roles required within the participating entities to the European Cyber Security Skills Framework (ECSF) and adopting globally recognised professional certifications to qualify and augment the competencies of the personnel in those roles. An initial analysis suggests that the role profiles listed in the ECSF [4], Cybersecurity Implementer, Cyber Incident Responder, and Cybersecurity Risk Manager are particularly relevant to providers. (ISC)² certifications, including CISSP, SSCP, and CGRC [5], are underpinned by common bodies of knowledge that map strongly to ECSF roles. These certifications demonstrate an individual's knowledge, skills and abilities that enable them to perform these roles effectively.

(ISC)² would welcome the opportunity to collaborate with the Commission to develop a robust approach for validating and building the skills needed to boost the EU's capacity to detect, prevent, and respond to cyber threats and incidents.

1. NCSC Cyber Incident Response. https://www.ncsc.gov.uk/information/cir-cyber-incident-response
2. Critical Infrastructure Threat Information Sharing Framework. https://www.cisa.gov/sites/default/files/publications/ci-threat-information-sharing-framework-508.pdf
3. (ISC)² 2022 Cybersecurity Workforce Study. https://www.isc2.org/Research/Workforce-Study
4. ECSF. https://www.enisa.europa.eu/publications/european-cybersecurity-skills-framework-role-profiles
5. (ISC)² Certifications. https://www.isc2.org/Certifications

Response to Key performance indicators for the Digital Decade policy programme 2030

13 Mar 2023

(ISC)² is an international nonprofit membership association focused on building a safe and secure cyber world. We have more than 350,000 members, associates, and candidates globally, including over 40,000 in the EU. Our membership consists of certified cybersecurity professionals responsible for securing our governments, economies, critical infrastructure, and personal information.

(ISC)² applauds the European Commission's vision to build a sustainable and resilient digital economy across the EU through its twin strategies of strengthening digital infrastructure and building digital skills. We support the Commission's efforts to set out key performance indicators (KPIs) based on which the Member States and the Commission shall measure the progress towards the digital targets established by the Digital Decade programme 2030. (ISC)² offers recommendations for enhancing the skills-based KPIs to make them more holistic and specific to inform the development of relevant interventions and effective recording of outcomes.

Cybersecurity skills complement the five dimensions included in the above basic digital skills. (ISC)²'s response [1] to the Commission's consultation on improving the provision of digital skills demonstrated that digital skills are inclusive of cybersecurity skills. However, the EU is facing a significant shortage of cybersecurity professionals as revealed by the 2022 (ISC)² Workforce Study. [2] (ISC)² also made the case [3] that cyber workforce shortage in the EU will worsen as more professionals with cybersecurity expertise (specialists and generalists) will be needed to comply with the Cyber Resilience Act requirements. Therefore, (ISC)² encourages the Commission to either extend the dimension of safety skills to incorporate cybersecurity skills or to articulate the interdependence between the five dimensions and cybersecurity.

The Commission's target of facilitating employment of at least 20 million ICT specialists within the Union, and its ambitions to improve digitisation, leverage cloud computing, optimise big data, and exploit emerging technologies, mean that these specialists also will require foundational expertise in cybersecurity to ensure that infrastructure, data and digital services remain secure. To support the development of foundational cybersecurity knowledge, (ISC)² has introduced the Certified in Cybersecurity certification [4] which covers five areas: Security Principles; Incident Response, Business Continuity and Disaster Recovery; Access Control; Network Security; and Security Operations. (ISC)² offers support to the Commission in its objective of building and measuring ICT workforce capacity in the EU with cybersecurity expertise.

The Commission's KPI of widening participation by women in digital professions is a goal shared by (ISC)². Through its One Million Certified in Cybersecurity initiative, (ISC)² aims to advance diversity in the cybersecurity workforce. (ISC)² endorses the Commission's efforts to increase gender diversity in the ICT sector, but also encourages the Commission to broaden its diversity ambitions to encourage more individuals from a wide age range, diverse educational, ethnic, and socio-economic backgrounds to join the sector.

[1] (ISC)² response to the Commission's Consultation on Digital Skills. https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13208-Digital-skills-improving-their-provision/F3339696_en
[2] (ISC)² Cybersecurity Workforce Study. https://www.isc2.org/Research/Workforce-Study
[3] (ISC)² response to the Commission's Consultation on CRA. https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13410-Cyber-resilience-act-new-cybersecurity-rules-for-digital-products-and-ancillary-services/F3375883_en
[4] (ISC)² Certified in Cybersecurity. https://www.isc2.org/certified-in-cybersecurity
[5] (ISC)² One Million Certified in Cybersecurity. https://www.isc2.org/1mcc

Meeting with Anouk Faber (Cabinet of Commissioner Nicolas Schmit), Christoph Nerlich (Cabinet of Commissioner Nicolas Schmit)

1 Mar 2023 · Meeting on the European Year of Skills and digital skills.

Meeting with Anouk Faber (Cabinet of Commissioner Nicolas Schmit), Christoph Nerlich (Cabinet of Commissioner Nicolas Schmit) and AK Public Affairs

28 Feb 2023 · Meeting on the Pact for Skills and Digital Skills.

Meeting with Nicola Danti (Member of the European Parliament, Rapporteur) and Bureau Européen des Unions de Consommateurs and

27 Feb 2023 · Stakeholder consultation on the Cyber Resilience Act

(ISC)² Urges EU To Tackle Critical Cybersecurity Skills Shortage

20 Jan 2023
Message — (ISC)² urges the Commission to prioritize interventions to expand the cyber workforce. They propose extending training requirements to all economic operators and providing subsidized certifications.
Why — Mandating advanced training would increase global demand for the organization’s specialized certifications.
Impact — Small businesses without security professionals face increased risks and compliance difficulties.

Meeting with Chris Uregian (Cabinet of Vice-President Margaritis Schinas)

26 Oct 2022 · Cybersecurity skills academy

Response to Improving the provision of digital skills in education and training

15 Sept 2022

(ISC)² is an international nonprofit membership association focused on building a safe and secure cyber world. Our membership, over 171k strong globally, with more than 25k members throughout Europe, consists of certified cybersecurity professionals responsible for securing our governments, economies, critical infrastructure and personal information. (ISC)² certifications – including the CISSP, CCSP, SSCP and CSSLP – have been accredited against the ANSI (ISO/IEC 17024) standard.

(ISC)² is responding to the Proposal for a Council recommendation on improving the provision of digital skills in education and training, to share our unique perspective and research-based insights. (ISC)² agrees that digital skills are fundamental for societal and economic growth, and that they must be inclusive of cybersecurity skills and our research shows that the lack of cybersecurity skills necessary to address complex information security across a variety of current and emerging domains throughout Europe and the world is of crisis proportions.

To help ensure that 70% of 16–74-year-olds have the necessary digital skills by 2025, (ISC)² believes it is important to encourage earning ICT and cybersecurity certifications that are recognised across the EU as an effective means to validate the digital knowledge, skills and abilities of the workforce. According to the (ISC)² 2022 Cybersecurity Workforce Study, the EU is facing a workforce gap of just under 317,000 cyber professionals. To counter the workforce gap and make a career in cybersecurity more accessible, (ISC)² has introduced the (ISC)² Certified in Cybersecurity entry-level certification. Anyone earning the (ISC)² Certified in Cybersecurity certification demonstrates they have the foundational knowledge, skills and abilities to take on entry- and junior-level cybersecurity roles, enabling employers to more confidently build resilient teams across all experience levels.

The (ISC)² Workforce Study shows that strong communication skills, problem-solving abilities, curiosity and eagerness to learn are among the most important nontechnical skills for a successful cyber career. The study further confirms that technical skills can be taught, and employers should recruit from adjacent disciplines, hire for nontechnical skills and train technical skills on-the-job.

(ISC)² fully supports digital skills development at all stages of education. Promoting cyber as a career option earlier in education and sharing the wide array of skillsets needed and career paths available, opens the door for more diversity in the profession. (ISC)² has committed to providing free Certified in Cybersecurity self-paced courses and exams to one million new professionals globally beginning careers in cybersecurity. As part of our One Million Certified in Cybersecurity Program, (ISC)² has pledged to direct half toward underrepresented groups within the profession with a focus on institutions and initiatives focused on women, ethnic minorities, and other underrepresented groups.

Providing employers with access to subsidised training and certifications for cyber programs enables employee investment at all levels. This is essential for a well-rounded cyber workforce and a secure organisation. According to the EU, only 20% of organisations are investing in ICT training for staff. (ISC)² Workforce Study shows only 32% of respondents plan on increasing investments in training yet Eurostat statistics show training is crucial to enhance or equip employees with new ICT skills. Developing digital skills requires collaboration and diversity across the cyber ecosystem and strong partnerships between government, industry and professional associations.