European Cybersecurity Industry Leaders Propose Recommendations Towards European Cybersecurity Policy

  • The European Cybersecurity Industry Leaders (ECIL) is a working group of industry representatives, formed in 2015 to offer counsel to the EU Commission.

  • The ECIL working group comprises Thales, Atos, Airbus Group, Deutsche Telekom, Ericsson, Infineon, Cybernetica, F-Secure, BBVA and BMW.

  • This working group was created in order to draft a report providing to the European Commission recommendations towards European cybersecurity policy and the development of European cybersecurity leaders. The working group was convened by Thales and Atos.


At this year’s International Cybersecurity Forum in Lille, France, on 25th and 26th January, the ECIL members – represented by Marc Darmon, Executive Vice-President of Thales, Thomas Kremer, Board member for Data Privacy, Legal Affairs and Compliance at Deutsche Telekom and Philippe Vannier, Executive Vice President Big Data & Security for Atos – presented to M. Günther H. Oettinger, European Commissioner for Digital Economy and Society, a report, bringing together key recommendations for building a more cybersecure Europe and to encourage the emergence of European leadership in cybersecurity, a sector with an annual growth of approximately 10%.

Key recommendations made in the ECIL report include:


The establishment of voluntary certification processes at European level based on commonly agreed criteria between member states. Given the fragmentation of the European market, the ECIL believes a voluntary certification process is essential for the development of cybersecurity, in which legislation, standardisation and labeling represent the fundamental pillars of success. They would be designed specifically for manufacturers, solutions and service providers whose products and services would benefit from the seal of protection and security. Corporate bodies and consumers would therefore be able to better identify secure providers. Building on best practices and on other internationally recognised certifications, new security requirements or recommendations for labels would not be necessary.

The promotion of a “Secure-by-design” approach that envisions the development and production of more robust products, software and solutions. Cybersecurity should now be integrated as a mandatory requirement of critical information systems. This is already the case for the performance and resilience of systems, however, the architecture of critical information systems has to be designed with cybersecurity integrated from first principles rather than added at the end.

The creation of an international level playing field for cybersecurity and privacy: the ECIL welcomes the agreement reached by the EU-Institutions on the Network and Information Security directive which sets a framework for risk management requirements and standards across the EU for a fully operational and cybersecure European Digital Single Market. All players of the Information & Communication Technology (ICT) value chain should adhere to equal requirements concerning data confidentiality and cybersecurity regardless of where they operate. All operators share responsibility and interest in making these the guiding principles for member states. A European regulation allowing real-time sharing of data on cyber-attacks, including personal data such as IPs between private and public institutions, is also required.