The DETANGLE cybersecurity project has kickstarted in Athens, aiming to help critical EU sectors navigate complex cybersecurity regulations.
The initiative aims to strengthen the effective implementation of the NIS2 Directive and its cybersecurity regulations across critical sectors in the European Union, such as energy, healthcare, transport, and digital infrastructure.
It will also examine compliance with two other key EU regulations: the Cyber Resilience Act (CRA) and the Cybersecurity Act (CSA).
The initiative, coordinated by ITML, has a total budget of nearly €7m, co-funded by the European Cybersecurity Competence Centre (ECCC).
Why is it so important to follow EU cybersecurity regulations?
In the interconnected landscape of the 2020s, the European Union’s move toward strict cybersecurity regulations is no longer a matter of choice but a strategic necessity for the following reasons:
Protecting critical sovereignty
By enforcing these regulations, the EU secures its technological sovereignty. As cyber threats don’t respect borders, a vulnerability in one Member State’s power grid or hospital system can ripple across the entire Union.
Standardising security ensures there is no “weakest link” that foreign adversaries or cybercriminals can exploit to destabilise the European economy.
Economic stability and consumer trust
Compliance is a powerful market signal. Cybersecurity regulations ensure that the financial sector can withstand and recover from digital disruptions, preventing systemic collapses.
For businesses, following these rules isn’t just about avoiding hefty fines (which can reach €10m or 2% of global turnover); it’s about building a certified brand that consumers can trust with their data.
Supply chain integrity
As of early 2026, the EU has intensified its focus on the ICT supply chain. By mandating “security-by-design,” the EU ensures that products reaching citizens are not pre-loaded with vulnerabilities or backdoors from high-risk third-country suppliers.
This proactive stance transforms cybersecurity from a reactive IT cost into a foundational pillar of European safety and democratic resilience.
Addressing challenges with implementing EU cybersecurity regulations
The NIS2 Directive, which tightens requirements for risk management, incident reporting, supply chain security, and certification processes, presents significant challenges for small and medium-sized enterprises (SMEs) and national authorities.
In addition, several key challenges need to be addressed, such as:
- Fragmentation among Member States
- A lack of technical capabilities within national bodies
- High adaptation costs for SMEs
- Risks associated with global supply chains
- A limited incident-reporting culture
- Emerging technological threats linked to Artificial Intelligence, IoT, and quantum computing
DETANGLE will address these issues by developing a range of innovative solutions, including an AI-based incident management platform to enhance detection, response, and collaboration between entities.
Creating a toolkit for monitoring and enforcement of regulations
The initiative also includes the creation of the NIS2 Compliance Tracker, a tool for gap analysis, compliance monitoring, reporting, and cybersecurity training.
Furthermore, DETANGLE will deliver a certification support framework that includes self-assessment modules and access to an up-to-date knowledge base.
The project will also develop a toolkit for monitoring and enforcing the CRA, the EU’s new law that mandates cybersecurity regulations for products with digital elements, focusing on compliance verification, accreditation, and risk notification.
Boosting cyber resilience across the whole EU
Overall, DETANGLE will boost cyber resilience across the EU, reduce compliance costs, strengthen cross-border cooperation, and provide direct support to SMEs and national authorities.
