Business group Ibec has warned that proposed changes to the EU Cybersecurity Act could threaten the stability of 18 critical industries and impose a €730 million cost on the Irish telecommunications sector alone.
The organisation has highlighted that the European Commission's proposal introduces "high-risk supplier" designations based on geopolitical origin rather than technical security flaws, overriding national security competencies.
According to a position paper from Ibec, the plan risks forcing sectors including health, energy, and finance, to remove deeply integrated ICT components that have supported business operations for decades.
The group said that the proposals lack a technical evidence base, as industry was not consulted.
Ibec has called for the supply chain proposals to be withdrawn pending a comprehensive impact assessment that involves consultation with affected sectors.
"Our position paper highlights that proposing rules driven by geopolitical developments, rather than evidence-based technical criteria, creates an unpredictable business environment and threatens the stability of essential services," said Áine Clarke, Ibec Digital & AI Policy Executive and paper author.
"Mandatory 'rip-and-replace’ laws will create unforeseen contractual liabilities and run contrary to the EU’s competitiveness, digitalisation, and environmental ambitions," Ms Clarke said.
Ibec said it is urging the European Commission to maintain a proportionate approach to cybersecurity regulation that is grounded in evidence and promotes EU competitiveness.
