NCC Group
NCC Group is a people-powered, tech-enabled global cyber security and software escrow business.
ID: 382967795942-85
Lobbying Activity
Response to Digital package – digital omnibus
14 Oct 2025
Please find submission attached.
Read full responseResponse to International Digital Strategy
20 May 2025
NCC Group (trading as Fox-IT in the Netherlands) is a leading pan-European cybersecurity company. We protect many of the key digital products and systems that are used daily by European Union (EU) citizens, have over 25 years experience of delivering digital resilience services and are trusted partners to governments in Europe and around the world. Against this backdrop, we welcome the upcoming International Digital Strategy and respectfully request the European Commission to: 1) Pursue a more structured tech policy collaboration with the United Kingdom (UK): The UK remains one of the EUs closest digital and strategic allies, with many providers operating across both jurisdictions and managing cross-border data flows, infrastructure, and services. With deeply interconnected digital infrastructures and businesses operating seamlessly across borders, regulatory coherence between the UK and EU is essential to ensure economic growth and innovation at scale. As a UK-headquartered business with significant operations across the EU and beyond, we see firsthand the challenges our clients face complying with multiple and often unaligned cybersecurity regulatory regimes the majority of which seek the same safety and security outcomes. We were pleased to see the commitments outlined in the recent EU-UK Security and Defence Partnership on cyber, including cooperation on policy frameworks. The upcoming Strategy presents an opportunity to deliver on this commitment, better align policy frameworks to ensure business growth, and jointly develop rules-based principles capable of setting global standards. The Strategy should also strive to reaffirm a renewed commitment to deeper EU-UK digital policy cooperation using, as a blueprint, the dialogues already taking place at security and defence levels. 2) Acknowledge that cybersecurity knows no borders. When it comes to tackling cyber threats, no country is an island. The criminal landscape is complex, involves many actors and the complicit involvement of nation states, with cyberattacks very rarely originating from the EU alone. Through our work supporting victims, we see firsthand how the impact of, and response to, cyber incidents can span multiple countries and even continents. We welcome the EU and Member States efforts of recent years to enhance global cooperation on cybersecurity through partnerships like the Counter Ransomware Initiative, and urge continued operational collaboration and information sharing. 3) Consider the essential role of trusted providers from like-minded countries: Todays digital landscape is shaped by rapid technological shifts and geopolitical uncertainty. In this context, digital sovereignty is understandably a strategic priority. However, we urge the EU not to take a one-size-fits-all approach, but rather consider what steps need to be taken to create a trusted digital ecosystem with like-minded partners around the world. The International Digital Strategy presents an opportunity to set out a practical roadmap for cooperation. This should include structured bilateral dialogues to align on policy priorities, reinforced partnerships in research and innovation, and formal recognition of technology service providers from trusted third-party countries. Such concrete measures are essential to turn strategic ambition into tangible impact. Cybersecurity providers headquartered in trusted non-EU countries, that meet clearly defined integrity, security and accountability standards, can be relied upon to support the EUs cyber defence programs particularly where there may be gaps in skills, capabilities and technologies. We also urge the EU to accelerate Mutual Recognition Agreements that enable cybersecurity providers to support organisations with compliance assessments for the Cyber Resilience Act. Doing so would reduce regulatory burdens, provide clarity for companies operating across borders, and contribute to shared international standards in cybersecurity.
Read full response