Proposal for a Regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union

Summary:

Legislative initiative - tabled by the European Commission on 22 March 2022 - laying down measures for a common level of cybersecurity at the institutions, bodies, offices and agencies of the European Union (EU).

Further information:

This proposal establishes a framework for ensuring common cybersecurity rules and measures among the EU institutions, bodies and agencies. It aims at further improving all entities’ resilience and incident response capacities. It modernises the existing CERT-EU legal framework and takes account of the changed and increased digitisation of the institutions, bodies and agencies over the years as well as the evolving cybersecurity threat landscape. It renames CERT-EU from Computer Emergency Response Team  to Cybersecurity Centre for the Union institutions, bodies and agencies, in line with similar developments in the Member States and globally, but it retains the acronym.

The draft law was adopted by the European Commission on 22 March 2022, and it built on the EU Security Union Strategy and the EU's Cybersecurity Strategy for the Digital Decade. The Council of the European Union adopted its general approach on 18 November.

• Primary Source

Commentary and Analysis

EPRS: Briefing, September 2022: High common level of cybersecurity at the institutions, bodies, offices and agencies of the Union https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2022)733625

EUCRIM: News, 26/04/2022: Commission Proposes New Regulations to Improve Cybersecurity and Information Security of EU Administration https://eucrim.eu/news/commission-proposes-new-regulations-to-improve-cybersecurity-and-information-security-of-eu-administration/

EUObserver: Opinion, 24/06/2022: How to enhance EU cybersecurity https://euobserver.com/opinion/155266

---

News

Reuters, 22/03/2022: EU proposes cybersecurity rules for EU bodies amid cyberattack worries https://www.reuters.com/technology/eu-proposes-cybersecurity-rules-eu-bodies-amid-cyberattack-worries-2022-03-22/

---

Official

EUR-LEX: SWD(2022)67: Staff Working Document accompanying the Proposal - Impact Analysis https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=SWD:2022:67:FIN

EUR-LEX: SWD(2022)68: Staff Working Document accompanying the Proposal - Executive Summary of the Impact Analysis https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=SWD:2022:68:FIN

European Parliament: Legislative Observatory: Procedure File for Proposal on High common level of cybersecurity at the institutions, bodies, offices and agencies of the Union (2022/0085(COD)) https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2022/0085(COD)

European Parliament: Legislative Train Schedule: Proposal for a regulation laying down measures on cybersecurity at the institutions, bodies, offices and agencies of the Union https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-proposal-for-cybersecurity-regulation

European Commission: Publications: Proposal for Cybersecurity Regulation https://ec.europa.eu/info/publications/proposal-cybersecurity-regulation_en

European Commission: Press Release, 22/03/2022: New rules to boost cybersecurity and information security in EU institutions, bodies, offices and agencies https://ec.europa.eu/commission/presscorner/detail/en/ip_22_1866

Council of the European Union: Press Release, 18/11/2022: Cybersecurity at the EU institutions, bodies, offices and agencies: Council adopts its position on common rules https://www.consilium.europa.eu/en/press/press-releases/2022/11/18/cybersecurity-at-the-eu-institutions-bodies-offices-and-agencies-council-adopts-its-position-on-common-rules/

---