The article critiques the growing regulatory burden in European cybersecurity compliance, highlighting that security certifications and labels, promoted as quality marks by firms like Belgium's Approach Cyber, instead function as costly barriers for small and medium enterprises (SMEs). It argues that overlapping regulations such as GDPR, NIS2, DORA, and the Cyber Resilience Act create complex, expensive compliance demands that favor large vendors and consultants while stifling innovation and agility among smaller businesses. The piece emphasizes that this regulatory complexity undermines digital freedom and does not effectively address underlying security challenges, especially for organizations lacking specialized expertise.
