Regulation (EU) 2019/881 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification (Cybersecurity Act)

Author (Corporate)	Council of the European Union, European Parliament
Series Title	Official Journal of the European Union
Series Details	L 151
Publication Date	07/06/2019
Content Type	Legislation
	Summary: Regulation of the European Parliament and of the Council of 17 April 2019 strengthening the role of ENISA and setting up a European framework for cybersecurity certification. Further information: This Regulation establishes a European Cybersecurity Certification Framework for ICT products and services and specifies the essential functions and tasks of the European Union Agency for Network and Information Security (ENISA) in the field of cybersecurity certification. The proposed Regulation was presented on 13 September 2017 by the European Commission. The Council of the European Union adopted its general approach regarding this proposal on 8 June 2018. The European Parliament's relevant committee adopted its position and mandate for negotiations on 10 July. Background: The proposal was announced as part of the European Union's overhaul of its cybersecurity strategy during the annual SOTEU 2017 address. It follows up on the announcement in 2016 that the European Commission had decided to review Regulation (EU) 526/2013, which provides the second mandate for the ENISA. Its strengthening would also acknowledge the agency's responsibilities under the NIS Directive. The 2016 Communication on 'Strengthening Europe's cyber resilience system and fostering a competitive and innovative cybersecurity industry' – which announced the review of the role of ENISA – also put forward the idea of establishing a framework for security certification for ICT products and services in order to increase trust and security in the digital single market. The Commission identified ENISA as the natural body to take up the role regarding certification.
Source Link	Primary Source https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2019.151.01.0015.01.ENG
Related Links	Commentary and Analysis EPRS: Briefing, December 2017: EU Cybersecurity Agency and cybersecurity certification [Initial Appraisal of a European Commission Impact Assessment] http://www.europarl.europa.eu/RegData/etudes/BRIE/2017/615633/EPRS_BRI(2017)615633_EN.pdf EPRS: Briefing, January 2018: ENISA and a new cybersecurity act http://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_BRI(2017)614643 News EUObserver, 13/09/2017: EU to beef up cybersecurity agency https://euobserver.com/digital/139000 EUObserver, 15/09/2017: Greece keen to keep EU cybersecurity agency https://euobserver.com/digital/139022 EUObserver, 19/09/2017: EU agency to fight election hacking https://euobserver.com/justice/139072 EUObserver, 09/01/2018: EU cyber chief says expectations exceed resources https://euobserver.com/digital/140481 EurActiv, 07/06/2018: Cybersecurity agency hopes for 24/7 crisis response centre in Brussels https://www.euractiv.com/section/cybersecurity/news/cybersecurity-agency-hopes-for-24-7-crisis-response-centre-in-brussels/ Official EUR-Lex: COM(2017)477: Proposal for a Regulation on ENISA (the EU Cybersecurity Agency) and on information and communication technology cybersecurity certification (Cybersecurity Act) https://eur-lex.europa.eu/legal-content/EN/HIS/?uri=COM:2017:477:FIN EUR-Lex: SWD(2017)500: Impact assessment accompanying COM(2017)477 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=SWD:2017:500:FIN EUR-Lex: SWD(2017)501: Executive summary of the impact assessment accompanying COM(2017)477 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=SWD:2017:501:FIN EUR-Lex: SWD(2017)502: Evaluation of the European Union Agency for Network and Information Security (ENISA) https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=SWD:2017:502:FIN European Parliament: Legislative Observatory: Procedure file EU Cybersecurity Agency (ENISA) and information and communication technology cybersecurity certification (Cybersecurity Act) http://www.europarl.europa.eu/oeil-mobile/fiche-procedure/2017/0225(COD) European Parliament: Legislative Train: The EU Cybersecurity Agency and the Cybersecurity act http://www.europarl.europa.eu/legislative-train/theme-connected-digital-single-market/file-jd-eu-cybersecurity-agency-and-cybersecurity-act Council of the European Union: Press Release, 08/06/2018: EU to create a common cybersecurity certification framework and beef up its agency – Council agrees its position http://www.consilium.europa.eu/en/press/press-releases/2018/06/08/eu-to-create-a-common-cybersecurity-certification-framework-and-beef-up-its-agency-council-agrees-its-position/ European Commission: Statement, 08/06/2018: Joint Statement by Vice-President Ansip and Commissioner Gabriel on political agreement from the Council http://europa.eu/rapid/press-release_STATEMENT-18-4097_en.htm
Subject Categories	Business and Industry
Subject Tags	Cybersecurity \| Cyber-security, Telecommunications
Keywords	European Network and Information Security Agency [ENISA]
International Organisations	European Union [EU]