Acronis champions ENISA’s EU Vulnerability Database for enhanced cybersecurity in Europe

The European Union Agency for Cybersecurity (ENISA) has taken a significant step toward bolstering Europe’s cybersecurity landscape with the launch of the EU Vulnerability Database (EUVD). This centralized platform, mandated by the NIS 2 Directive, aims to streamline software vulnerability disclosures across the continent.

As a leader in cyber protection, Acronis is proud to align with this transformative initiative, integrating EUVD into our operations to support the EU’s cybersecurity priorities and enhance digital resilience for businesses and organizations.

The EUVD marks a significant step toward European cyber sovereignty and regulatory compliance. With the Cyber Resilience Act (CRA), which entered into force in December 2024 and will begin enforcing mandatory vulnerability reporting in September 2026, the EUVD will play a pivotal role in ensuring vendors disclose exploited bugs within stringent timelines, such as the 24-hour requirement outlined in the CRA. This fosters a transparent and responsive cybersecurity ecosystem tailored to products marketed or used within the EU.

The EUVD also strengthens integration with Europe’s incident response framework, including ENISA, CERT-EU and national Computer Security Incident Response Teams (CSIRTs). By incorporating data from sources like MITRE CVE, CISA’s Known Exploited Vulnerabilities Catalog and vendor advisories, the EUVD enriches vulnerability information with EU-specific threat intelligence and mitigation guidelines. This ensures faster, more actionable updates compared to global databases, which may experience delays or lack regional focus. For example, the recent CVE-2025-4664, a high-severity flaw in Google Chrome, highlights the importance of timely patches and coordinated disclosures — both of which the EUVD is designed to facilitate.

Furthermore, the EUVD promotes open standards and interoperability, potentially refining frameworks like CVSS and CWE to align with European priorities. By offering a multilingual, EU-tailored platform, it builds public trust and addresses concerns about external influence, positioning the EU as a global leader in cybersecurity governance.

Acronis recognizes the EUVD’s importance for cybersecurity compliance and resilience. To support this initiative, we are integrating EUVD IDs alongside traditional CVEs in our vulnerability assessment (VA) reporting, particularly within our EU data centers. This dual-ID approach ensures that our customers benefit from both global standards and the EU’s localized, regulatory-driven framework, providing comprehensive visibility into vulnerabilities affecting their systems.

Our #CyberFit Score tool empowers organizations to quickly identify systems requiring immediate attention, aligning with the EUVD’s focus on real-time enforcement and transparency. Meanwhile, Acronis Remote Monitoring and Management (RMM) with integrated patch management streamlines the process of applying patches, ensuring compliance with CRA mandates and minimizing risks across managed systems.

“Acronis is dedicated to fostering a secure digital future in Europe by aligning with ENISA’s vision for the EUVD,” said Gerald Beuchelt, Acronis CISO. “By leveraging our advanced cyber protection solutions, we aim to help organizations navigate the evolving regulatory landscape, reduce exposure to cyber threats and maintain compliance with EU cybersecurity laws. As the EUVD grows in influence, particularly with the enforcement of the Cyber Resilience Act’s reporting requirements in September 2026, Acronis will continue to innovate and integrate, ensuring our customers remain ahead of the curve in a rapidly changing threat environment.”

Together with ENISA, Acronis is committed to building a more resilient, transparent and sovereign cybersecurity ecosystem for Europe — one that empowers businesses to thrive securely in the digital age.