ETSI Recommends Changes to European Cybersecurity Regulation
Thursday, February 08, 2018 | Comments

The European Telecommunications Standards Institute (ETSI) released a position paper on the European Commission proposal of Cybersecurity Act (Regulation 2017/0225). ETSI said that some points should be further elaborated and clarified in the proposed regulation.

In September 2017, the European Commission published a proposal for a regulation of the European Parliament and the European Network and Information Security Agency (ENISA) on information and communication technology (ICT) cybersecurity certification.

ETSI said it welcomes the overall objective of the proposed regulation to “increase EU resilience, enhance its cybersecurity preparedness and avoid fragmentation of certification schemes in the EU.” However, ETSI said clarifications are needed.

First, the concept and definitions of standards for certification should be clarified, and ETSI recommended that the fundamental relationship between standards and certification schemes is unambiguously and explicitly described in the draft regulation.

Secondly, the new legislative framework should be used as a toolbox and the text modified accordingly to include the clear sequence of requirements – standards – certification, as well as self-assessment to determine conformity with specific requirements and standards.

The third recommendation is to follow a risk management approach and leave the definition of levels of assurance to market players. ETSI also recommended that Article 45 should be replaced with higher-level objectives and should avoid technical issues, which are best left to standards to address.

Another recommendation said that the text should clarify how the proposed system will interact with existing certification schemes in other European Union acts and how the migration path from current certification schemes will be organized. The last recommendation is for the proposed regulation to further clarify and specify the processes and governance of the new missions granted to both ENISA and the European Commission.

Would you like to comment on this story? Find our comments system below.

Post a comment
Name: *
Email: *
Title: *
Comment: *


No Comments Submitted Yet

Be the first by using the form above to submit a comment!

Site Navigation