Europe Moves Forward on Cybersecurity Legislation
Thursday, March 28, 2019 | Comments

The European Parliament, the Council and the European Commission reached a political agreement on the Cybersecurity Act, reinforcing the mandate and competences of the European Union Agency for Network and Information and Security (ENISA). Moreover, the political text is set to create a certification framework for products and services.

Following a political agreement reached in December, the European Parliament on 12 March approved the new regulation, which still needs to be approved by the Council and will come into force 20 days after being published.

The new proposed mandate reinforces ENISA’s role and enables the agency to better support the member states in implementing the security of network and information systems (NIS) directive and to counter particular threats more actively by becoming a center of expertise on cybersecurity certification. The name of the agency will be changed to the EU Cybersecurity Agency.

The act will also create a framework for European cybersecurity certificates for products, processes and services that will be valid throughout the EU. It establishes the first EU-wide cybersecurity certification scheme to ensure that certified products, processes and services sold in EU countries meet cybersecurity standards. This is the first internal market law that takes up the challenge of enhancing the security of connected products, internet of things (IoT) devices as well as critical infrastructure through such certificates. The framework incorporates security features in the early stages of technical design and development, enables users to ascertain the level of security assurance and ensures that these security features are independently verified.

Following adoption by the European Parliament, the proposal includes establishing several cybersecurity centers. The Cybersecurity Industrial, Technology and Research Centre will enhance the coordination of research and innovation in the field of cybersecurity. It will also be the EU's main instrument to pool investment in cybersecurity research, technology and industrial development.

The Cybersecurity Competence Network will consist of national coordination centers designated by member states. The national centers will either possess or have access to technological expertise in cybersecurity, for example in areas such as cryptography, intrusion detection or human aspects of security.

Would you like to comment on this story? Find our comments system below.

Post a comment
Name: *
Email: *
Title: *
Comment: *


No Comments Submitted Yet

Be the first by using the form above to submit a comment!

Magazines in Print

September 2019

26 - 26
Webinar: FirstNet App Catalog: Making Responder Mobility Possible

October 2019

3 - 3
Webinar: Two Agencies — Two Approaches to Cyber Resilience

23 - 24
Wireless Leadership Summit
Kansas City, Missouri

November 2019

3 - 6
APCO Canada
Halifax, Nova Scotia, Canada

More Events >

Site Navigation