Related items

Cisco is strengthening France’s role in the global digital economy with the launch of its Global AI Hub, announced at the 2025 Choose France Summit. The hub will focus on secure, energy-efficient artificial intelligence (AI) infrastructure, innovative cooling solutions for data centres and support for the startup ecosystem. To address future workforce needs, Cisco will also train 230,000 people in France over the next three years through its Networking Academy, covering fields such as cybersecurity, data science and AI. Building on nearly 400,000 individuals already trained in France, this investment supports Cisco’s EU-wide commitment to train 1.5 million people by 2030. Read more on Invested in Europe. 

The European Parliament’s November 2025 draft report on revitalising EU securitisation strengthens the Commission’s proposal by pushing further simplification, but it overlooks a central flaw in the framework: the misalignment between EU and non‑EU securitisations that continues to restrict EU investors’ access to global markets. Investor access should depend on whether sufficient information is available for due diligence, not on the use of a specific reporting template.

MEPs can make this fix by removing the template‑based verification requirement in Article 5(ii)(e) and anchoring investor due diligence in a clear, substance‑based ‘sufficient information’ standard. When combined with the Parliament’s encouraging simplification proposals, this targeted fix would lower operational costs, enable proportionate due diligence and strengthen market depth – all without weakening core safeguards.

The European Commission’s proposal to revise the Cybersecurity Act (CSA2) comes at the right moment, as Europe faces an evolving range of cyber threats. With its measures to reinforce ENISA and make harmonisation the key to a more resilient Single Market, the proposal brings the Act closer to the realities of today’s fast-moving cybersecurity ecosystem. 

However, the Commission’s proposal still fails to go far enough on providing a platform for more active industry engagement. It rightly formalises existing structures but falls short of creating mechanisms that allow for regular expert-level exchanges and meaningful industry feedback into the CSA2 framework, building on lessons learned from the past years. Such exchanges are essential, given industry’s role as a front-line defender against cyber threats. 

Now, as the file moves to the European Parliament and the Council of the EU, the co-legislators must ensure certification schemes under the CSA2 remain based on technical criteria. The EU’s cybersecurity needs should be a matter for sober, technical analysis. AmCham EU therefore supports the proposal's structural distinction between technical certification and non-technical supply chain risks. Maintaining this separation prevents restrictive requirements that limit choice, reduce competition and slow innovation. 

The same approach is necessary for the proposal’s provisions to secure critical infrastructure under the new ‘Trusted ICT Supply Chain Framework’ (Title IV). These measures must also be underpinned by an objective, evidence-based approach to ‘non-technical risks’. At the same time, measures involving restrictions on data transfers must be aligned with international agreements to avoid unintended disruptions to global operations. 

Ultimately, US companies share the EU’s commitment to securing the region’s digital resilience. AmCham EU members invest heavily in security and stand ready to support the delivery of a framework that keeps Europe open, secure and competitive.