OpenLobby.EU
Explore

Kaspersky Labs Limited

Kaspersky is a global cybersecurity and digital privacy company founded in 1997, with a holding registered in the United Kingdom.

Lobbying Activity

Response to Digital package – digital omnibus

13 Oct 2025

Kaspersky, a global cybersecurity company committed to supporting secure and resilient digital infrastructure across the EU and globally, welcomes the European Unions efforts to reduce the administrative costs for compliance for businesses, administrations and citizens in the European Union in application of several regulations of the Unions digital acquis without compromising the objectives of the underlying rules. Kaspersky places the security of all digital exchanges at the heart of its mission. We very much welcome the fact that the European Commission is focusing its measures on data legislation, including rules on cookies and other tracking technologies, cybersecurity incident reporting, and targeted adjustments to the Artificial Intelligence Act to ensure the optimal application of the rules. The detailled feeback-document you will see in the attached PDF file.
Read full response

Response to Action plan against cyberbullying

18 Sept 2025

Kaspersky, a global cybersecurity company with extensive experience and expertise in protecting children online, welcomes the European Commission's initiative to develop an Action Plan Against Cyberbullying. We believe that a coordinated EU approach is essential to tackle the growing trend of abusive behaviors online, particularly among minors. Cyberbullying can have severe consequences, including emotional distress, social isolation, and even physical harm. In the attached feedback paper, we share our insights and recommendations drawing on our work in Europe and worldwide to support the development of an effective Action Plan.
Read full response

Response to The EU Cybersecurity Act

24 Apr 2025

Kaspersky, a global cybersecurity company committed to supporting secure and resilient digital infrastructure across the EU and globally, welcomes the European Commissions initiative to revise the Cybersecurity Act. We recognize the CSAs pivotal role in defining the EUs cybersecurity governance and certification landscape and we are grateful for the opportunity to share our experience and to provide feedback. Please find our detailed feedback in the attached PDF.
Read full response

Response to Protection of Minors Guidelines

30 Sept 2024

Kaspersky appreciates the opportunity provided by the European Commission to present its feedback to the draft guidelines to enforce the protection of minors online within the Digital Services Act. As a global cybersecurity leader, Kaspersky strongly believes that creating a safe online environment for children is a top priority that will shape our future, helping them thrive both in the digital world and in real life. In the attached submission, Kaspersky shares several suggestions regarding areas which could be reflected in the proposed guidelines.
Read full response

Response to Rules specifying the obligations laid down in Articles 21(5) and 23(11) of the NIS 2 Directive

24 Jul 2024

Kaspersky welcomes the Commissions Implementing Regulation proposal, which establishes rules for applying Directive (EU) 2022/2555, in particular on technical and methodological requirements of cybersecurity risk-management measures and further specifies cases in which incidents are deemed significant for specific entities. We appreciate the opportunity to provide feedback and contribute to the discussions leading up to the publication of this Implementing Regulation. Please find Kaspersky's feedback in the attached document.
Read full response

Response to Network Code on Cybersecurity

17 Nov 2023

Kaspersky welcomes efforts by the European Commission to elaborate and implement Union-wide cybersecurity legislation on cross-border electricity flows, as it clearly reflects the EUs aspiration to ensure safe and sustainable development of the cyber domain. The following submission (see PDF) is based on our profound expertise in cybersecurity and our extensive experience engaging in national and international discussions on information and communication technologies. It includes general comments as well as an opinion on selected provisions of the draft regulation and its annexes.
Read full response

Meeting with Bart Groothuis (Member of the European Parliament)

13 Nov 2023 · Cybersecurity

Response to Voluntary cybersecurity certification for ICT products, based on a Common Criteria set of security requirements

30 Oct 2023

Kaspersky, a leading international cybersecurity company, has a long and successful record of contributing to developing certification and technical standards in the IT domain by national authorities and international organizations. The following submission is based on our profound expertise in cybersecurity and extensive experience engaging in national and international discussions on information and communications technologies and includes general comments as well as an opinion on selected provisions of the draft regulation and its annexes. Please find the submission in the attached PDF file.
Read full response

Response to Evaluation of the European Union Agency for Cybersecurity (ENISA) and the European Cybersecurity Certification Framework

14 Sept 2023

In a rapidly evolving digital world, the need for robust cybersecurity measures has never been more apparent. As a global cybersecurity company with more than 25 years of experience, Kasperskys overarching objective is to strengthen cybersecurity around the world by sustainably leveraging the potential of digitalization in government, administration, business and society. We are grateful for the opportunity to share our insights and to provide feedback. ENISA's commitment to elevating cybersecurity within the European Union is evident through its active endeavors to facilitate collaboration among member states, provide comprehensive guidance, and enhance cybersecurity capabilities. The agency's role in coordinating cross-border cybersecurity exercises has significantly improved incident response coordination among EU member states, thereby amplifying their collective cyber-resilience. However, we acknowledge that ENISA is now assuming expanded responsibilities, particularly in line with the NIS2 Directive and Cyber Resilience Act, and this introduces new challenges. It will be an essential task to accompany the expansion of tasks with an appropriate budget and staffing in order to ensure high-quality and timely action in all its fields of activity. In the attached PDF you will find Kaspersky's detailled feedback.
Read full response

Response to Key performance indicators for the Digital Decade policy programme 2030

6 Mar 2023

Kaspersky very much welcomes the Commissions draft implementing the decision on setting out key performance indicators (KPIs) to measure the progress towards the digital targets established by Article 4(1) of Decision (EU) 2022/2481 of the European Parliament and of the Council. We are grateful for the opportunity to provide our feedback to the draft implementing decision. We share the Commissions views regarding the importance of setting clear and quantifiable targets to ensure that progress can be continuously evaluated, and that new approaches can be developed where progress is deemed insufficient. As a global cybersecurity company with a strong European footprint, we have examined the Digital Decade Policy Programme 2030 and the suggested KPIs, with a particular focus on the importance of cybersecurity and cyber-resilience. You will find our feedback in the attached PDF.
Read full response

Response to Cyber Resilience Act

20 Jan 2023

Kaspersky values and supports the continuous efforts of the European Commission to strengthen cybersecurity in the European Union (EU) and, particularly, to introduce horizontal legislation to improve the security of products with digital elements and thus to enable businesses and consumers to use such products securely. Kaspersky hopes the suggestions and feedback in this paper to the Proposal for Regulation on horizontal cybersecurity requirements for products with digital elements (further the Proposal) may be of value in the legislative process. In general, we would like to underline our strong support for the establishment of new risk- and fact-based rules proposed within the Cyber Resilience Act (CRA) and, in particular, to the approach to develop objective-oriented and technology neutral requirements. Last year we took part and shared our views in the context of the Call for Evidence. Previously, we were among the invited participants for the survey implemented by ICF, Wavestone, CARSA and CEPS whose results were used as a source for, inter alia, legislative efforts. In particular, the lack of universal baseline security requirements for digital products and services has been highlighted as one of the much-needed steps taken to address systemic vulnerabilities in cyberspace. Based on our broad experience in investigating these challenges with a diverse multi-stakeholder community, Kaspersky is grateful for the opportunity to comment on the draft. In the PDF attached, we highlight areas where further improvement could be achieved to bring more clarity and effectiveness to future legislation.
Read full response

Response to Cyber Resilience Act

24 May 2022

Kaspersky very much welcomes the fact that the European Commission, in the spirit of a good legislative process, is offering the various stakeholders the opportunity to share their ideas to the upcoming Cyber Resilience Act. Kaspersky hopes that this paper could be of value in the further legislative process. If any additional information regarding this paper and the different policy questions is needed, Kaspersky is happy to support in the upcoming month. The European Commission has identified the most important challenges of and risks for cyber resilience in the Call for Evidence for an Impact Assessment. Those include: the necessity to strengthen security in modern digital products and ancillary services; lack of qualified security professionals on the ICT market; and lack of incentives for both consumers and manufacturers to assess more the security of the products and services as well as to invest more into their security, respectively. In this regard, Kaspersky appreciates the intentions and objectives of the European Commission to enhance and ensure a consistently high level of cybersecurity of digital products and ancillary services. In addition to that, Kaspersky agrees that improvement of the functioning of the internal market by levelling the playing field for vendors of such products and services is of great importance. It is indeed critical that that digital products and services which European citizens, societies and economies rapidly rely on are trusted and secure. Kaspersky therefore welcomes the upcoming Cyber Resilience Act as horizontal legislation addressing all relevant aspects of the cybersecurity of digital products and services, and thus to complement the existing EU legislation in this field (i.e., the NIS 2.0 Directive and the Cybersecurity Act). Kaspersky was among invited participants to the survey within the ‘Study on the need of cybersecurity requirements for ICT products’ (VIGIE 2020-0715 ) commissioned by the European Commission and implemented by the ICF, Wavestone, CARSA and CEPS. In this survey, Kaspersky shared that the horizontal legislation would allow to harmonize the EU regulatory landscape and thus avoid overlapping requirements for different industries and sectors, and requirements stemming from different pieces of legislation. Furthermore, Kaspersky, together with Cigref, GEODE and more than 30 organizations in the Working Group 6 of the Paris Call for Trust and Security in Cyberspace, has developed an analytical report on policy gaps in ICT supply chain security , where these issues have been discussed as well. In particular, a lack of incentives for both manufacturers and consumers of digital products and services as well as risks of fragmentation in emerging regulatory approaches and developing standards have been highlighted to pose additional security threats. The final report also provides a detailed analysis of key incentives on the market – from the user side (both advanced and mainstream users), from the government side, and from the private sector, which can play a crucial role affecting a more security-orientated behavior of market agents. More information can be found in the attached document.
Read full response

Response to Policy Program - Digital Decade Compass

9 Jul 2021

Kaspersky very much welcomes the Commission’s Communication on the Digital Decade, and we are thankful for the opportunity to provide our feedback to the roadmap of the Digital Compass Policy Programme. We share the Commission’s views regarding the importance of setting clear and quantifiable targets so that progress can be continuously evaluated and new approaches developed where progress is deemed insufficient. The four cardinal points of the 2030 Digital Compass – (i) a digitally skilled population and highly skilled digital professionals, (ii) secure and substantial digital infrastructure, (iii) digital transformation of businesses, and (iv) digitisation of the public sector – are in our point of view very well suited to translating the EU’s ambition for a successfully digitised Europe by 2030 into common concrete objectives. In addition, it is very reasonable to use the Digital Economy and Society Index (DESI) as a basis for measuring success, but to further expand and adapt it for this purpose. Furthermore, we appreciate very much the plan to establish a stakeholder forum composed of private and public actors to gather technical input and conduct outreach activities. As a global cybersecurity company with a strong European footprint, we have examined the 2030 Digital Compass, in particular with a view to the importance of cybersecurity and cyber-resilience. We did this especially because appropriate cybersecurity is a prerequisite and a success factor for digitization. That is why this point should be given due consideration in the objectives. A simple consideration of the economic consequences of cybercrime illustrates this: according to the report ‘Cybersecurity – Our Digital Anchor’ by the Joint Research Centre (JRC) of the European Commission, the global annual cost of cybercrime has significantly increased, up from EUR 2.7 trillion in 2015 to EUR 5.5 trillion by the end of 2020. The European Union and Member States have already started to pay more attention to the issue of cybersecurity. We believe that it is imperative that this is translated into tangible forward-looking policy objectives that ensure that European citizens and businesses operating and investing in the European digital single market can enjoy the perks of digitisation without suffering from its perilous side-effects, such as data breaches, identity theft, or ransomware attacks. Please find the Kaspersky feedback paper in the uploaded PDF document.
Read full response

Meeting with Mikuláš Peksa (Member of the European Parliament)

12 May 2021 · Directive on Security of Network and Information Systems

Meeting with Mikuláš Peksa (Member of the European Parliament)

7 May 2021 · Directive on Security of Network and Information Systems

Response to Revision of the NIS Directive

5 Mar 2021

Kaspersky welcomes the Commission’s new proposal (further – proposal) on measures for a high common level of cybersecurity across the Union, which revises Directive 2016/1148 on the security of network and information systems (NIS Directive). We are glad to see that many recommendations made by various stakeholders, including Kaspersky, have been taken into account in the published proposal, and we believe that the proposal is an important and positive step forward in enhancing cybersecurity across the EU. The proposal extends the scope to new sectors, provides a clear definition of essential and important entities, contains stricter requirements and enforcement measures, introduces new rules on vulnerability disclosure and the security of supply chains, as well as provides provisions on stronger Member State cooperation and coordination. We are grateful for the opportunity to share further feedback and thus to contribute to the discussions leading up to the publication of this new Directive. You will find our feedback in the attached document.
Read full response

Response to Preventing and combatting gender-based violence

11 Jan 2021

Kaspersky welcomes the Commission’s approach of asking different stakeholders for feedback about the planned legislative proposal to prevent and combat specific forms of gender-based violence. We are therefore very pleased to provide feedback on the Inception Impact Assessment of the initiative. As a global cybersecurity company with a strong footprint in Europe, we fully share the Commission’s assessment that gender-based violence increasingly takes place online. To be more precise, it often takes place in both the physical world and the online world. A European Institute for Gender Equality research paper (https://eige.europa.eu/news-and-events/news/cyber-violence-growing-threat-especially-women-and-girls) states that "seven-in-ten women (70%) who have experienced cyber-stalking, have also experienced at least one form of physical or/and sexual violence from an intimate partner”. This shows quite clearly that physical and online violence are often two sides of the same coin. Because of that, we think a holistic approach is necessary when it comes to preventing and combatting gender-based violence and domestic violence. In that context, we would like to draw attention to a specific form of online violence, namely stalkerware. Stalkerware is commercially available software that allows perpetrators to spy on other people unnoticed. It is often used to abuse the privacy of current or former partners in a manner that can facilitate surveillance, harassment, abuse and stalking. Stalkerware is easily installed as an application on the targeted victim’s smartphone or tablet. Once in place, the perpetrator receives access to a range of personal data, despite being remote from the victim: text messages, voicemails, call information, GPS location, photos and any web searches or social media activity. These applications can be openly bought online. Stalkerware has mechanisms that allow the app to remain hidden on the phone, making it hard to notice. This includes hiding the stalkerware icon in the phone menu and even deleting the app’s logs and cleaning any other traces it has made. The marketing of stalkerware is not illegal, but its use without the victim’s consent clearly is. This vague legal framework is something perpetrators benefit from. In April 2020, Kaspersky experts published an updated report (available in six languages) on the state of stalkerware (https://stopstalkerware.org/wp-content/uploads/2020/06/The-State-of-Stalkerware-in-2019-English.pdf) and endorsed by the Coalition Against Stalkerware (https://stopstalkerware.org/). According to the report, by the end of 2019 the number of mobile users who had encountered stalkerware rose by 67%: 40,386 unique users were attacked in 2018, while in 2019 this number increased to 67,500. In our view, that shows there is an urgent need to tackle this issue. In Europe, the three countries with the largest share of users attacked with stalkerware are Germany (3.1%), Italy (2.4%) and France (1.8%). In our opinion, no software program should engage in monitoring or surveillance without: (i) the user’s consent; (ii) persistent notification to that user; and (iii) clearly marked icons on the user’s device that highlight both the software’s presence and its functionality. We ask the Commission to take action against software that engages in stealthy surveillance or does not meet these three basic criteria. Preventing and combatting gender-based violence and domestic violence is an important task for the EU. This applies to all types of violence. Therefore, a new directive should also holistically address the aspects of online violence, including the issue of stalkerware, in order to define uniform requirements for surveillance software at EU level and to ban software that does not meet those requirements. In addition, the EU should implement non-legislative instruments like funding for capacity building, training and support services.
Read full response

Response to Revision of the NIS Directive

22 Jul 2020

Kaspersky strongly supports the EU in its efforts to substantially and sustainably strengthen the resilience of networks and systems against cybersecurity risks. We also see the need to harmonize the European Digital Single Market and to reduce the fragmentation that has resulted from different legislation, varying implementation of the Directive, and the numerous definitions that exist in the Member States. For example, operators of essential services (OES) and digital service providers (DSP) have to comply with different requirements for incident reporting. In Europe, there exist different time frames, reported information is duplicated, and addressees differ from European bodies such as the ECB for ECB cyber-incidents, to national NIS authorities under the NIS Directive. As a global cybersecurity company, we see the need to create a coherent and harmonized common level playing field for OES as well as for DSP across the EU. Common and harmonized cybersecurity rules at EU level are, from our point of view, the most effective way to achieve a higher level of cyber-resilience and to promote the digital single market. The EU is the largest cybersecurity and data market in the world. As with GDPR, a revised NIS Directive could serve as a blueprint for other regions and thus contribute to global harmonization and standardization in the field of the security of network and information systems. Key ideas and suggestions Kaspersky shares the Commission's assessment that, since its adoption, the NIS Directive has supported and further enhanced the development of cybersecurity capabilities within EU Member States. The progress made relates to all three areas of the NIS Directive: (i) national capabilities; (ii) cross-border collaboration; and (iii) national supervision of critical sectors. However, we observe constantly evolving threat scenarios and expanding attack surfaces, putting network and information systems at risk. We largely support policy option 3, namely introducing targeted changes to the current NIS Directive with a view to clarifying certain provisions and improving harmonization of the current rules. Although the empirical results of the OES report showed several persistent inconsistencies that can best be resolved by legislative changes, we remain cautious about adopting a completely new legislative act as outlined in policy option 4. Although well intentioned, the latter would mean a time-consuming process that might not keep pace with the ever-evolving specifics of cyber and IT security and upcoming new technologies. Therefore, we call instead for an approach that addresses the most pressing problems primarily by revising certain aspects of the NIS Directive. With this, we refer to one further aspect: the revision of the NIS Directive comes together with the parallel update of European Critical Infrastructure (ECI) Directive 2008/114/EC. Interplay of the ECI and the NIS Directive We recommend integrating the older ECI Directive into the NIS Directive to achieve harmonization and to support the digital single market. The fact that the ECI and NIS Directives are currently being revised by two different Directorates is primarily due to the history of the development of both Directives. The ECI Directive arose from the fight against terrorist threats, and in 2008 focused exclusively on the transportation and energy sectors. The 2016 NIS Directive has a more comprehensive horizontal approach. Kaspersky believes that the NIS Directive is the more appropriate instrument for addressing security risks and digital threats, including cyberterrorism. In order to avoid any kind of duplicated legislation, we call for a more integrated and combined approach that brings together the overlapping points of the two directives within the NIS Directive. Further information you will find in the attached PDF file.
Read full response

Meeting with Anthony Whelan (Cabinet of President Ursula von der Leyen)

3 Jun 2020 · Cybersecurity and digital transparency

Meeting with Roberto Viola (Director-General Communications Networks, Content and Technology)

15 May 2020 · Cybersecurity (virtual)

Meeting with Alejandro Cainzos (Cabinet of Executive Vice-President Margrethe Vestager)

7 May 2020 · To discuss cybersecurity, privacy and digital transparency

Meeting with Ingrid Bellander Todino (Cabinet of Commissioner Julian King)

23 Jan 2017 · Cybersecurity