Regulation (EU) 2019/881 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification (Cybersecurity Act)

Author (Corporate) ,
Series Title
Series Details L 151
Publication Date 07/06/2019
Content Type

Summary:

Regulation of the European Parliament and of the Council of 17 April 2019 strengthening the role of ENISA and setting up a European framework for cybersecurity certification.

Further information:

This Regulation establishes a European Cybersecurity Certification Framework for ICT products and services and specifies the essential functions and tasks of the European Union Agency for Network and Information Security (ENISA) in the field of cybersecurity certification.

The proposed Regulation was presented on 13 September 2017 by the European Commission. The Council of the European Union adopted its general approach regarding this proposal on 8 June 2018. The European Parliament's relevant committee adopted its position and mandate for negotiations on 10 July.

Background:

The proposal was announced as part of the European Union's overhaul of its cybersecurity strategy during the annual SOTEU 2017 address. It follows up on the announcement in 2016 that the European Commission had decided to review Regulation (EU) 526/2013, which provides the second mandate for the ENISA. Its strengthening would also acknowledge the agency's responsibilities under the NIS Directive.

The 2016 Communication on 'Strengthening Europe's cyber resilience system and fostering a competitive and innovative cybersecurity industry' – which announced the review of the role of ENISA – also put forward the idea of establishing a framework for security certification for ICT products and services in order to increase trust and security in the digital single market. The Commission identified ENISA as the natural body to take up the role regarding certification.

Source Link https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2019.151.01.0015.01.ENG
Related Link(s)
Commentary and Analysis
EPRS: Briefing, December 2017: EU Cybersecurity Agency and cybersecurity certification [Initial Appraisal of a European Commission Impact Assessment] http://www.europarl.europa.eu/RegData/etudes/BRIE/2017/615633/EPRS_BRI(2017)615633_EN.pdf
EPRS: Briefing, January 2018: ENISA and a new cybersecurity act http://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_BRI(2017)614643

News
EUObserver, 13/09/2017: EU to beef up cybersecurity agency https://euobserver.com/digital/139000
EUObserver, 15/09/2017: Greece keen to keep EU cybersecurity agency https://euobserver.com/digital/139022
EUObserver, 19/09/2017: EU agency to fight election hacking https://euobserver.com/justice/139072
EUObserver, 09/01/2018: EU cyber chief says expectations exceed resources https://euobserver.com/digital/140481
EurActiv, 07/06/2018: Cybersecurity agency hopes for 24/7 crisis response centre in Brussels https://www.euractiv.com/section/cybersecurity/news/cybersecurity-agency-hopes-for-24-7-crisis-response-centre-in-brussels/

Official
EUR-Lex: COM(2017)477: Proposal for a Regulation on ENISA (the EU Cybersecurity Agency) and on information and communication technology cybersecurity certification (Cybersecurity Act) https://eur-lex.europa.eu/legal-content/EN/HIS/?uri=COM:2017:477:FIN
EUR-Lex: SWD(2017)500: Impact assessment accompanying COM(2017)477 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=SWD:2017:500:FIN
EUR-Lex: SWD(2017)501: Executive summary of the impact assessment accompanying COM(2017)477 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=SWD:2017:501:FIN
EUR-Lex: SWD(2017)502: Evaluation of the European Union Agency for Network and Information Security (ENISA) https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=SWD:2017:502:FIN
European Parliament: Legislative Observatory: Procedure file EU Cybersecurity Agency (ENISA) and information and communication technology cybersecurity certification (Cybersecurity Act) http://www.europarl.europa.eu/oeil-mobile/fiche-procedure/2017/0225(COD)
European Parliament: Legislative Train: The EU Cybersecurity Agency and the Cybersecurity act http://www.europarl.europa.eu/legislative-train/theme-connected-digital-single-market/file-jd-eu-cybersecurity-agency-and-cybersecurity-act
Council of the European Union: Press Release, 08/06/2018: EU to create a common cybersecurity certification framework and beef up its agency – Council agrees its position http://www.consilium.europa.eu/en/press/press-releases/2018/06/08/eu-to-create-a-common-cybersecurity-certification-framework-and-beef-up-its-agency-council-agrees-its-position/
European Commission: Statement, 08/06/2018: Joint Statement by Vice-President Ansip and Commissioner Gabriel on political agreement from the Council http://europa.eu/rapid/press-release_STATEMENT-18-4097_en.htm

Subject Categories
Subject Tags ,
Keywords
International Organisations