Procedure : 2018/0328(COD)
Document stages in plenary
Document selected : A8-0084/2019

Texts tabled :

A8-0084/2019

Debates :

PV 11/03/2019 - 19
CRE 11/03/2019 - 19

Votes :

PV 13/03/2019 - 19.1
CRE 13/03/2019 - 19.1
Explanations of votes
PV 17/04/2019 - 16.12

Texts adopted :

P8_TA(2019)0189
P8_TA(2019)0419

REPORT     ***I
PDF 443kWORD 204k
22.2.2019
PE 631.940v02-00 A8-0084/2019

on the proposal for a regulation of the European Parliament and of the Council establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres

(COM(2018)0630 – C8‑0404/2018 – 2018/0328(COD))

Committee on Industry, Research and Energy

Rapporteur: Julia Reda

DRAFT EUROPEAN PARLIAMENT LEGISLATIVE RESOLUTION
 EXPLANATORY STATEMENT
 ANNEX: LIST OF ENTITIES OR PERSONSFROM WHOM THE RAPPORTEUR HAS RECEIVED INPUT
 OPINION of the Committee on the Internal Market and Consumer Protection
 PROCEDURE – COMMITTEE RESPONSIBLE
 FINAL VOTE BY ROLL CALL IN COMMITTEE RESPONSIBLE

DRAFT EUROPEAN PARLIAMENT LEGISLATIVE RESOLUTION

on the proposal for a regulation of the European Parliament and of the Council establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres

(COM(2018)0630 – C8‑0404/2018 – 2018/0328(COD))

(Ordinary legislative procedure: first reading)

The European Parliament,

–  having regard to the Commission proposal to Parliament and the Council (COM(2018)0630),

–  having regard to Article 294(2) and Articles 173(3) and the first paragraph of Article 188 of the Treaty on the Functioning of the European Union, pursuant to which the Commission submitted the proposal to Parliament (C8‑0404/2018),

–  having regard to Article 294(3) of the Treaty on the Functioning of the European Union,

–  having regard to the opinion of the European Economic and Social Committee of 23 January 2019(1),

–  having regard to Rule 59 of its Rules of Procedure,

–  having regard to the report of the Committee on Industry, Research and Energy and the opinion of the Committee on the Internal Market and Consumer Protection (A8-0084/2019),

1.  Adopts its position at first reading hereinafter set out;

2.  Calls on the Commission to refer the matter to Parliament again if it replaces, substantially amends or intends to substantially amend its proposal;

3.  Instructs its President to forward its position to the Council, the Commission and the national parliaments.

Amendment    1

Proposal for a regulation

Recital 1

Text proposed by the Commission

Amendment

(1)  Our daily lives and economies become increasingly dependent on digital technologies, citizens become more and more exposed to serious cyber incidents. Future security depends, among others, on enhancing technological and industrial ability to protect the Union against cyber threats, as both civilian infrastructure and military capacities rely on secure digital systems.

(1)  More than 80% of the population of the Union is connected to the internet and our daily lives and economies are becoming increasingly dependent on digital technologies, with citizens becoming more and more exposed to serious cyber incidents. Future security depends, among others, on contributing to the overall resilience, on enhancing technological and industrial ability to protect the Union against constantly evolving cyber threats, as both infrastructure and security capacities rely on secure digital systems. This can be achieved by raising the awareness for cybersecurity threats, by developing competences, capacities, capabilities throughout the Union, thoroughly taking into account the interplay of hardware and software infrastructure, networks, products and processes, and the societal and ethical implications and concerns.

Amendment    2

Proposal for a regulation

Recital 1 a (new)

Text proposed by the Commission

Amendment

 

(1a)  Cybercrime is a fast growing threat to the Union, its citizens and its economy. In 2017, 80 % of the European companies have experienced at least one cyber incident. The Wannacry-attack in May 2017 affected more than 150 countries and 230 000IT-systems and had significant impacts on critical infrastructures such as hospitals. This underlines the necessity for the highest cybersecurity standards and holistic cybersecurity solutions, involving people, products, processes and technology in the Union, as well as for European leadership in the matter, and for Digital autonomy.

Amendment    3

Proposal for a regulation

Recital 4

Text proposed by the Commission

Amendment

(4)  The Heads of State and Government at the Tallinn Digital Summit, in September 2017, called for the Union to become "a global leader in cyber-security by 2025, in order to ensure trust, confidence and protection of our citizens, consumers and enterprises online and to enable a free and law-governed internet."

(4)  The Heads of State and Government at the Tallinn Digital Summit, in September 2017, called for the Union to become "a global leader in cyber-security by 2025, in order to ensure trust, confidence and protection of our citizens, consumers and enterprises online and to enable a free, safer and law-governed internet", and declared to “make more use of open source solutions and/or open standards when (re)building ICT systems and solutions (among else, to avoid vendor lock-ins), including those developed and/or promoted by EU programmes for interoperability and standardisation, such as ISA2 ”.

Amendment    4

Proposal for a regulation

Recital 4 a (new)

Text proposed by the Commission

Amendment

 

(4a)  The European Cybersecurity Industrial, Technology and Research Competence Centre (the ‘Competence Centre’) should help increase the resilience and reliability of the infrastructure of network and information systems, including the internet and other critical infrastructure for the functioning of society such as transport, health, and banking systems.

Amendment    5

Proposal for a regulation

Recital 4 b (new)

Text proposed by the Commission

Amendment

 

(4b)  The Competence Centre and its actions should take into account the implementation of Regulation (EU) 2019/XXX [recast of Regulation (EC) No 428/2009 as proposed by COM(2016)616].1a

 

__________________

 

1a Regulation (EU) 2019/... of the European Parliament and of the Council of ... setting up a Union regime for the control of exports, transfer, brokering, technical assistance and transit of dual-use items (OJ L ..., ..., p. ...).

Amendment    6

Proposal for a regulation

Recital 5

Text proposed by the Commission

Amendment

(5)  Substantial disruption of network and information systems can affect individual Member States and the Union as a whole. The security of network and information systems is therefore essential for the smooth functioning of the internal market. At the moment, the Union depends on non-European cybersecurity providers. However, it is in the Union's strategic interest to ensure that it retains and develops essential cybersecurity technological capacities to secure its Digital Single Market, and in particular to protect critical networks and information systems and to provide key cybersecurity services.

(5)  Substantial disruption of network and information systems can affect individual Member States and the Union as a whole. The highest level of security of network and information systems throughout the Union is therefore essential for society and economy alike. At the moment, the Union depends on non-European cybersecurity providers. However, it is in the Union's strategic interest to ensure that it retains and develops essential cybersecurity technological capacities and capabilities to secure the protection of data and critical networks and information systems of European citizens and companies, including critical infrastructures for the functioning of society such as transport systems, health systems and banking, and the Digital Single Market, and to provide key cybersecurity services.

Amendment    7

Proposal for a regulation

Recital 6

Text proposed by the Commission

Amendment

(6)  A wealth of expertise and experience in cybersecurity research, technology and industrial development exists in the Union but the efforts of industrial and research communities are fragmented, lacking alignment and a common mission, which hinders competitiveness in this domain. These efforts and expertise need to be pooled, networked and used in an efficient manner to reinforce and complement existing research, technology and industrial capacities at Union and national levels.

(6)  A wealth of expertise and experience in cybersecurity research, technology and industrial development exists in the Union but the efforts of industrial and research communities are fragmented, lacking alignment and a common mission, which hinders competitiveness and effective protection of critical data, networks and systems in this domain. These efforts and expertise need to be pooled, networked and used in an efficient manner to reinforce and complement existing research, technology, skills and industrial capacities at Union and national levels. Whereas the Information and Communication Technology (ICT) sector faces important challenges, such as fulfilling its demand for skilled workers, it can benefit from representing the diversity of society at large, and from achieving a balanced representation of genders, ethnic diversity, and non-discrimination against disabled persons, as well as from facilitating the access to knowledge and training for future cybersecurity experts, including their education in non-formal contexts, for example in Free and Open Source Software projects, civic tech projects, start-ups and microenterprises.

Amendment    8

Proposal for a regulation

Recital 6 a (new)

Text proposed by the Commission

Amendment

 

(6a)  Small and medium-sized enterprises (SMEs) are crucial actors in the European cybersecurity sector that can provide cutting-edge solutions due to their agility. SMEs that are not specialised in cybersecurity however, are also prone to be more vulnerable to cyber incidents due to high investment and knowledge requirements to establish effective cybersecurity solutions. It is therefore necessary that the Competence Centre and the Cybersecurity Competence Network provide special support for SMEs by facilitating their access to knowledge and training in order to allow them to secure themselves sufficiently and to allow those who are active in cybersecurity to contribute to the European leadership in the field.

Amendment    9

Proposal for a regulation

Recital 6 b (new)

Text proposed by the Commission

Amendment

 

(6b)  Expertise exists beyond industrial and research contexts. Non-commercial and pre-commercial projects, referred to as “civic tech” projects, make use of open standards, Open Data, and Free and Open Source Software, in the interest of society and the public good. They contribute to the resilience, awareness and development of competences in cybersecurity matters and play an important role in building capacities for industry and research in the field.

Amendment    10

Proposal for a regulation

Recital 6 c (new)

Text proposed by the Commission

Amendment

 

(6c)  The term ‘stakeholders’, when used in the context of this Regulation, refers to, inter alia, the industry, public entities and other entities dealing with operational and technical matters in the area of cybersecurity, as well as civil society, inter alia trade unions, consumer associations, the Free and Open Source Software community, and the academic and research community.

Amendment    11

Proposal for a regulation

Recital 8

Text proposed by the Commission

Amendment

(8)  The Competence Centre should be the Union's main instrument to pool investment in cybersecurity research, technology and industrial development and to implement relevant projects and initiatives together with the Cybersecurity Competence Network. It should deliver cybersecurity-related financial support from the Horizon Europe and Digital Europe programmes, and should be open to the European Regional Development Fund and other programmes where appropriate. This approach should contribute to creating synergies and coordinating financial support related to cybersecurity research, innovation, technology and industrial development and avoiding duplication.

(8)  The Competence Centre should be the Union's main instrument to pool investment in cybersecurity research, technology and industrial development and to implement relevant projects and initiatives together with the Cybersecurity Competence Network. It should deliver cybersecurity-related financial support from the Horizon Europe and Digital Europe programmes, as well as from the European Defence Fund for actions and administrative costs related to defence, and should be open to the European Regional Development Fund and other programmes where appropriate. This approach should contribute to creating synergies and coordinating financial support related to Union initiatives in the field of cybersecurity research and development, innovation, technology and industrial development and avoiding duplication.

Amendment    12

Proposal for a regulation

Recital 8 a (new)

Text proposed by the Commission

Amendment

 

(8a)  “Security by design” as a principle established in Commission Joint Communication of 13 September 2017 entitled “Resilience, Deterrence and Defence: Building strong cybersecurity for the EU” includes state-of-the-art methods to increase security, at all stages of the lifecycle of a product or service, starting with secure design and development methods, reducing the attack surface, and incorporating adequate security testing and security audits. For the duration of operation and maintenance, producers or providers need to make available updates remedying new vulnerabilities or threats without delay, for the estimated lifetime of a product and beyond. This can also be achieved by enabling third parties to create and provide such updates. The provision of updates is especially necessary in the case of commonly used infrastructures, products and processes.

Amendment    13

Proposal for a regulation

Recital 8 b (new)

Text proposed by the Commission

Amendment

 

(8b)  In view of the extent of the cybersecurity challenge and in view of the investments made in cybersecurity capacities and capabilities in other parts of the world, the Union and its Member States should step up their financial support to research, development and deployment in this area. In order to realise economies of scale and achieve a comparable level of protection across the union, the Member States should put their efforts into a European framework by investing through the Competence Centre mechanism where relevant.

Amendment    14

Proposal for a regulation

Recital 8 c (new)

Text proposed by the Commission

Amendment

 

(8c)  The Competence Centre and the Community should, in order to foster European competitiveness and highest cybersecurity standards internationally, seek the exchange on cybersecurity products and processes, standards and technical standards with the international community. Technical standards include the creation of reference implementations, published under open standard licences. The secure design of, in particular, reference implementations is crucial for the overall reliability and resilience of commonly used network and information system infrastructure like the internet and critical infrastructures

Amendment    15

Proposal for a regulation

Recital 9

Text proposed by the Commission

Amendment

(9)  Taking into account that the objectives of this initiative can be best achieved if all Member States or as many Member States as possible participate, and as an incentive for Member States to take part, only Member States who contribute financially to the administrative and operational costs of the Competence Centre should hold voting rights.

(9)  Taking into account that the objectives of this initiative can be best achieved if all Member States or as many Member States as possible contribute, and as an incentive for Member States to take part, only Member States who contribute financially to the administrative and operational costs of the Competence Centre should hold voting rights.

Amendment    16

Proposal for a regulation

Recital 12

Text proposed by the Commission

Amendment

(12)  National Coordination Centres should be selected by Member States. In addition to the necessary administrative capacity, Centres should either possess or have direct access to cybersecurity technological expertise in cybersecurity, notably in domains such as cryptography, ICT security services, intrusion detection, system security, network security, software and application security, or human and societal aspects of security and privacy. They should also have the capacity to effectively engage and coordinate with the industry, the public sector, including authorities designated pursuant to the Directive (EU) 2016/1148 of the European Parliament and of the Council23 , and the research community.

(12)  National Coordination Centres should be selected by Member States. In addition to the necessary administrative capacity, Centres should either possess or have direct access to cybersecurity technological expertise in cybersecurity, notably in domains such as cryptography, ICT security services, intrusion detection, system security, network security, software and application security, or human, ethical, societal and environmental aspects of security and privacy. They should also have the capacity to effectively engage and coordinate with the industry, the public sector, including authorities designated pursuant to the Directive (EU) 2016/1148 of the European Parliament and of the Council23 , and the research community in order to establish a continuous public-private dialogue on cybersecurity. In addition, awareness should be raised amongst the general public about cybersecurity through appropriate communicative means.

__________________

__________________

23 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).

23 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).

Amendment    17

Proposal for a regulation

Recital 14

Text proposed by the Commission

Amendment

(14)  Emerging technologies such as artificial intelligence, Internet of Things, high-performance computing (HPC) and quantum computing, blockchain and concepts such as secure digital identities create at the same time new challenges for cybersecurity as well as offer solutions. Assessing and validating the robustness of existing or future ICT systems will require testing security solutions against attacks run on HPC and quantum machines. The Competence Centre, the Network and the Cybersecurity Competence Community should help advance and disseminate the latest cybersecurity solutions. At the same time the Competence Centre and the Network should be at the service of developers and operators in critical sectors such as transport, energy, health, financial, government, telecom, manufacturing, defence, and space to help them solve their cybersecurity challenges.

(14)  Emerging technologies such as artificial intelligence, Internet of Things, high-performance computing (HPC) and quantum computing, as well as concepts such as secure digital identities create at the same time new challenges for cybersecurity as well as offer products and processes. Assessing and validating the robustness of existing or future ICT systems will require testing security products and processes against attacks run on HPC and quantum machines. The Competence Centre, the Network, the European Digital Innovation Hubs and the Cybersecurity Competence Community should help advance and disseminate the latest cybersecurity products and processes, including dual use, in particular those that help organisations to be in a constant state of building capacity, resilience and appropriate governance. The Competence Centre and the Network should stimulate the whole innovation cycle and contribute to bridging the valley of death of innovation of cybersecurity technologies and services. At the same time the Competence Centre, the Network and the Community should be at the service of developers and operators in critical sectors such as transport, energy, health, financial, government, telecom, manufacturing, defence, and space to help them solve their cybersecurity challenges, and research the various motivations of attacks on the integrity of networks and information systems, such as crime, industrial espionage, defamation, and disinformation.

Amendment    18

Proposal for a regulation

Recital 14 a (new)

Text proposed by the Commission

Amendment

 

(14a)  Due to the fast changing nature of cyber threats and cybersecurity, the Union needs to be able to adapt fast and continuously to new developments in the field. Hence, the Competence Centre, the Cybersecurity Competence Network and the Cybersecurity Competence Community should be flexible enough to ensure the required reactivity. They should facilitate solutions that help entities to be able to constantly build capability to enhance their and the Union’s resilience.

Amendment    19

Proposal for a regulation

Recital 14 b (new)

Text proposed by the Commission

Amendment

 

(14b)  The Competence Centre should have the objectives to establish European leadership and expertise in cybersecurity, and by that guarantee the highest security standards in the Union, ensure the protection of data, information systems, networks and critical infrastructures in the Union, create new high-quality jobs in the area, prevent brain drain from the European cybersecurity experts to third countries, and add European value to the already existing national cybersecurity measures.

Amendment    20

Proposal for a regulation

Recital 15

Text proposed by the Commission

Amendment

(15)  The Competence Centre should have several key functions. First, the Competence Centre should facilitate and help coordinate the work of the European Cybersecurity Competence Network and nurture the Cybersecurity Competence Community. The Centre should drive the cybersecurity technological agenda and facilitate access to the expertise gathered in the Network and the Cybersecurity Competence Community. Secondly, it should implement relevant parts of Digital Europe and Horizon Europe programmes by allocating grants, typically following a competitive call for proposals. Thirdly, the Competence Centre should facilitate joint investment by the Union, Member States and/or industry.

(15)  The Competence Centre should have several key functions. First, the Competence Centre should facilitate and help coordinate the work of the European Cybersecurity Competence Network and nurture the Cybersecurity Competence Community. The Centre should drive the cybersecurity technological agenda and pool, share and facilitate access to the expertise gathered in the Network and the Cybersecurity Competence Community, and to cybersecurity infrastructure. Secondly, it should implement relevant parts of Digital Europe and Horizon Europe programmes by allocating grants, typically following a competitive call for proposals. Thirdly, the Competence Centre should facilitate joint investment by the Union, Member States and/or industry as well as joint training opportunities and awareness raising programmes in line with the Digital Europe Programme for citizens and businesses to overcome the skill gap. It should pay special attention to the enabling of SMEs in the area of cybersecurity.

Amendment    21

Proposal for a regulation

Recital 16

Text proposed by the Commission

Amendment

(16)  The Competence Centre should stimulate and support the cooperation and coordination of the activities of the Cybersecurity Competence Community, which would involve a large, open, and diverse group of actors involved in cybersecurity technology. That Community should include in particular research entities, supply-side industries, demand side industries, and the public sector. The Cybersecurity Competence Community should provide input to the activities and work plan of the Competence Centre and it should also benefit from the community-building activities of the Competence Centre and the Network, but otherwise should not be privileged with regard to calls for proposals or calls for tender.

(16)  The Competence Centre should stimulate and support the long-term strategic cooperation and coordination of the activities of the Cybersecurity Competence Community, which would involve a large, open, interdisciplinary and diverse group of European actors involved in cybersecurity technology. That Community should include in particular research entities, including those working on cybersecurity ethics, supply-side industries, demand-side industries including SMEs, and the public sector. The Cybersecurity Competence Community should provide input to the activities and work plan of the Competence Centre and it should also benefit from the community-building activities of the Competence Centre and the Network, but otherwise should not be privileged with regard to calls for proposals or calls for tender.

Amendment    22

Proposal for a regulation

Recital 16 a (new)

Text proposed by the Commission

Amendment

 

(16a)  The Competence Centre should provide the appropriate support to ENISA in its tasks defined by Directive (EU) 2016/1148 (“NIS Directive”) and Regulation (EU) 2019/XXX of the European Parliament and of the Council1a(“Cybersecurity Act”). Therefore, ENISA should provide relevant inputs to the Competence Centre in its task of defining funding priorities.

 

__________________

 

1a Regulation (EU) 2019/… of the European Parliament and of the Council of … on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L ...) (2017/0225(COD)).

Amendment    23

Proposal for a regulation

Recital 17

Text proposed by the Commission

Amendment

(17)  In order to respond to the needs of both demand and supply side industries, the Competence Centre's task to provide cybersecurity knowledge and technical assistance to industries should refer to both ICT products and services and all other industrial and technological products and solutions in which cybersecurity is to be embedded.

(17)  In order to respond to the needs of the public sector and both demand and supply side industries, the Competence Centre's task to provide cybersecurity knowledge and technical assistance to the public sector and industries should refer to both ICT products, processes and services and all other industrial and technological products and processes in which cybersecurity is to be embedded. In particular, the Competence Centre should facilitate the deployment of dynamic enterprise-level solutions focused on building capabilities of entire organisations, including people, processes and technology, in order to effectively protect the organizations against constantly changing cyber threats.

Amendment    24

Proposal for a regulation

Recital 17 a (new)

Text proposed by the Commission

Amendment

 

(17a)  The Competence Centre should contribute to the wide deployment of state-of-the-art cybersecurity products and solutions, in particular those that are internationally recognised.

Amendment    25

Proposal for a regulation

Recital 18

Text proposed by the Commission

Amendment

(18)  Whereas the Competence Centre and the Network should strive to achieve synergies between the cybersecurity civilian and defence spheres, projects financed by the Horizon Europe Programme will be implemented in line with Regulation XXX [Horizon Europe Regulation], which provides that research and innovation activities carried out under Horizon Europe shall have a focus on civil applications.

(18)  Whereas the Competence Centre and the Network should strive to achieve synergies and coordination between the cybersecurity civilian and defence spheres, projects financed by the Horizon Europe Programme will be implemented in line with Regulation XXX [Horizon Europe Regulation], which provides that research and innovation activities carried out under Horizon Europe shall have a focus on civil applications.

Amendment    26

Proposal for a regulation

Recital 19

Text proposed by the Commission

Amendment

(19)  In order to ensure structured and sustainable collaboration, the relation between the Competence Centre and the National Coordination Centres should be based on a contractual agreement.

(19)  In order to ensure structured and sustainable collaboration, the relation between the Competence Centre and the National Coordination Centres should be based on a contractual agreement that should be harmonised at Union level.

Amendment    27

Proposal for a regulation

Recital 20

Text proposed by the Commission

Amendment

(20)  Appropriate provisions should be made to guarantee the liability and transparency of the Competence Centre.

(20)  Appropriate provisions should be made to guarantee the liability and transparency of the Competence Centre and those undertakings receiving funding.

Amendment    28

Proposal for a regulation

Recital 20 a (new)

Text proposed by the Commission

Amendment

 

(20a)  The implementation of deployment projects, in particular those relating to infrastructures and capabilities deployed at European level or in joint procurement, can be divided into different phases of implementation, such as separate tenders for the architecture of hard- and software, their production and their operation and maintenance, whereas companies may only participate in one of the phases each and requiring that the beneficiaries in one or several of those phases meet certain conditions in terms of European ownership or control.

Justification

Separate tenders for hard- and software architecture, their production and their operation and maintenance would strongly improve transparency and security.

Amendment    29

Proposal for a regulation

Recital 20 b (new)

Text proposed by the Commission

Amendment

 

(20b)  With ENISA being the dedicated Union cybersecurity agency, the Competence Centre should seek the greatest possible synergies with it and the Governing Board should consult ENISA due to its experience in the field in all matters regarding cybersecurity, in particular on research-related projects.

Amendment    30

Proposal for a regulation

Recital 20 c (new)

Text proposed by the Commission

Amendment

 

(20c)  In the process of the nomination of the representative to the Governing Board, the European Parliament should include details of the mandate, including the obligation to report regularly to the European Parliament, or the committees responsible.

Amendment    31

Proposal for a regulation

Recital 21

Text proposed by the Commission

Amendment

(21)  In view of their respective expertise in cybersecurity, the Joint Research Centre of the Commission as well as the European Network and Information Security Agency (ENISA) should play an active part in the Cybersecurity Competence Community and the Industrial and Scientific Advisory Board.

(21)  In view of their respective expertise in cybersecurity and in order to ensure greatest possible synergies, the Joint Research Centre of the Commission as well as the European Network and Information Security Agency (ENISA) should play an active part in the Cybersecurity Competence Community and the Industrial and Scientific Advisory Board. ENISA should continue to fulfil its strategic objectives especially in the field of cybersecurity certification as defined in Regulation (EU) 2019/XXX [Cybersecurity Act]1a while the Competence Centre should act as an operational body in cybersecurity .

 

__________________

 

1a Regulation (EU) 2019/… of the European Parliament and of the Council of … on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L ...) (2017/0225(COD)).

Amendment    32

Proposal for a regulation

Recital 24

Text proposed by the Commission

Amendment

(24)  The Governing Board of the Competence Centre, composed of the Member States and the Commission, should define the general direction of the Competence Centre’s operations, and ensure that it carries out its tasks in accordance with this Regulation. The Governing Board should be entrusted with the powers necessary to establish the budget, verify its execution, adopt the appropriate financial rules, establish transparent working procedures for decision making by the Competence Centre, adopt the Competence Centre’s work plan and multiannual strategic plan reflecting the priorities in achieving the objectives and tasks of the Competence Centre, adopt its rules of procedure, appoint the Executive Director and decide on the extension of the Executive Director’s term of office and on the termination thereof.

(24)  The Governing Board of the Competence Centre, composed of the Member States and the Commission, should define the general direction of the Competence Centre’s operations, and ensure that it carries out its tasks in accordance with this Regulation. The Governing Board should be entrusted with the powers necessary to establish the budget, verify its execution, adopt the appropriate financial rules, establish transparent working procedures for decision making by the Competence Centre, adopt the Competence Centre’s work plan and multiannual strategic plan reflecting the priorities in achieving the objectives and tasks of the Competence Centre, adopt its rules of procedure, appoint the Executive Director and decide on the extension of the Executive Director’s term of office and on the termination thereof. In order to benefit from synergies, ENISA should be a permanent observer in the Governing Board and contribute the work of the Competence Centre, including by being consulted on the multi-annual strategic plan and on the work plan and on the list of actions selected for funding.

Amendment    33

Proposal for a regulation

Recital 24 a (new)

Text proposed by the Commission

Amendment

 

(24a)  The Governing Board should aim to promote the Competence Centre globally, so as to raise its attractiveness and make it a world-class body for excellence in cybersecurity.

Amendment    34

Proposal for a regulation

Recital 25

Text proposed by the Commission

Amendment

(25)  In order for the Competence Centre to function properly and effectively, the Commission and the Member States should ensure that persons to be appointed to the Governing Board have appropriate professional expertise and experience in functional areas. The Commission and the Member States should also make efforts to limit the turnover of their respective Representatives on the Governing Board in order to ensure continuity in its work.

(25)  In order for the Competence Centre to function properly and effectively, the Commission and the Member States should ensure that persons to be appointed to the Governing Board have appropriate professional expertise and experience in functional areas. The Commission and the Member States should also make efforts to limit the turnover of their respective Representatives on the Governing Board in order to ensure continuity in its work and aim to achieve gender balance.

Amendment    35

Proposal for a regulation

Recital 25 a (new)

Text proposed by the Commission

Amendment

 

(25a)  The weight of the Commission vote in the decisions of the Governing Board should be in line with the contribution of the Union budget to the Competence Centre, according to the Commission responsibility to ensure proper management of the Union budget in the Union interest, as set in the Treaties.

Amendment    36

Proposal for a regulation

Recital 26

Text proposed by the Commission

Amendment

(26)  The smooth functioning of the Competence Centre requires that its Executive Director be appointed on grounds of merit and documented administrative and managerial skills, as well as competence and experience relevant for cybersecurity, and that the duties of the Executive Director be carried out with complete independence.

(26)  The smooth functioning of the Competence Centre requires that its Executive Director be appointed in a transparent manner on the grounds of merit and documented administrative and managerial skills, as well as competence and experience relevant for cybersecurity, and that the duties of the Executive Director be carried out with complete independence.

Amendment    37

Proposal for a regulation

Recital 27

Text proposed by the Commission

Amendment

(27)  The Competence Centre should have an Industrial and Scientific Advisory Board as an advisory body to ensure regular dialogue with the private sector, consumers’ organisations and other relevant stakeholders. The Industrial and Scientific Advisory Board should focus on issues relevant to stakeholders and bring them to the attention of the Competence Centre's Governing Board. The composition of the Industrial and Scientific Advisory Board and the tasks assigned to it, such as being consulted regarding the work plan, should ensure sufficient representation of stakeholders in the work of the Competence Centre.

(27)  The Competence Centre should have an Industrial and Scientific Advisory Board as an advisory body to ensure regular and appropriately transparent dialogue with the private sector, consumers’ organisations and other relevant stakeholders. It should also provide the Executive Director and the Governing Board with independent advice on deployment and procurement. The Industrial and Scientific Advisory Board should focus on issues relevant to stakeholders and bring them to the attention of the Competence Centre's Governing Board. The composition of the Industrial and Scientific Advisory Board and the tasks assigned to it, such as being consulted regarding the work plan, should ensure sufficient representation of stakeholders in the work of the Competence Centre. A minimum number of seats should be allocated to each category of industry stakeholders, with particular attention paid to the representation of SMEs.

Amendment    38

Proposal for a regulation

Recital 28

Text proposed by the Commission

Amendment

(28)  The Competence Centre should benefit from the particular expertise and the broad and relevant stakeholders’ representation built through the contractual public-private partnership on cybersecurity during the duration of Horizon2020, through its Industrial and Scientific Advisory Board.

(28)  The Competence Centre and its activities should benefit from the particular expertise and the broad and relevant stakeholders’ representation built through the contractual public-private partnership on cybersecurity during the duration of Horizon2020, and the pilot projects under Horizon2020 on the Cybersecurity Competence Network, through its Industrial and Scientific Advisory Board. The Competence Centre and Industrial and Scientific Advisory Board should, if appropriate, consider replications of existing structures, for example as working groups.

Amendment    39

Proposal for a regulation

Recital 28 a (new)

Text proposed by the Commission

Amendment

 

(28a)  The Competence Centre and its bodies should make use of the experience and contributions of past and current initiatives, such as the contractual public-private partnership (cPPP) on cybersecurity, the European Cyber Security Organisation (ECSO), and the pilot project and preparatory action on Free and Open Source Software Audits (EU FOSSA).

Amendment    40

Proposal for a regulation

Recital 29

Text proposed by the Commission

Amendment

(29)  The Competence Centre should have in place rules regarding the prevention and the management of conflict of interest. The Competence Centre should also apply the relevant Union provisions concerning public access to documents as set out in Regulation (EC) No 1049/2001 of the European Parliament and of the Council24 . Processing of personal data by the Competence Centre will be subject to Regulation (EU) No XXX/2018 of the European Parliament and of the Council. The Competence Centre should comply with the provisions applicable to the Union institutions, and with national legislation regarding the handling of information, in particular sensitive non classified information and EU classified information.

(29)  The Competence Centre should have in place rules regarding the prevention, identification and resolution of conflicts of interest in respect of its members, bodies and staff, the Governing Board, as well as the Scientific and Industrial Advisory Board, and the Community. Member States should ensure the prevention, identification, and resolution of conflicts of interest in respect of the National Coordination Centres. The Competence Centre should also apply the relevant Union provisions concerning public access to documents as set out in Regulation (EC) No 1049/2001 of the European Parliament and of the Council24 . Processing of personal data by the Competence Centre will be subject to Regulation (EU) No XXX/2018 of the European Parliament and of the Council. The Competence Centre should comply with the provisions applicable to the Union institutions, and with national legislation regarding the handling of information, in particular sensitive non classified information and EU classified information.

__________________

__________________

24 Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

24 Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

Amendment    41

Proposal for a regulation

Recital 31

Text proposed by the Commission

Amendment

(31)  The Competence Centre should operate in an open and transparent way providing all relevant information in a timely manner as well as promoting its activities, including information and dissemination activities to the wider public. The rules of procedure of the bodies of the Competence Centre should be made publicly available.

(31)  The Competence Centre should operate in an open and transparent way comprehensively providing information in a timely manner as well as promoting its activities, including information and dissemination activities to the wider public. It should provide the public and any interested parties with a list of the Cybersecurity Competence Community members and should make public the declarations of interest made by them in accordance with Article 42. The rules of procedure of the bodies of the Competence Centre should be made publicly available .

Amendment    42

Proposal for a regulation

Recital 31 a (new)

Text proposed by the Commission

Amendment

 

(31a)  It is advisable that both the Competence Centre and the National Coordination Centres monitor and follow the international standards as much as possible, in order to encourage development towards global best practices.

Amendment    43

Proposal for a regulation

Recital 33 a (new)

Text proposed by the Commission

Amendment

 

(33a)  The power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission in respect of defining the elements of contractual agreements between the Competence Centre and National Coordination Centres, and in respect of specifying criteria for assessing and accrediting entities as members of the Cybersecurity Competence Community. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making1a. In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States' experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

 

__________________

 

1a OJ L 123, 12.5.2013, p. 1.

Amendment    44

Proposal for a regulation

Recital 34

Text proposed by the Commission

Amendment

(34)  Since the objectives of this Regulation, namely retaining and developing Union's cybersecurity technological and industrial capacities, increasing the competitiveness of the Union's cybersecurity industry and turning cybersecurity into a competitive advantage of other Union industries, cannot be sufficiently achieved by the Member States due the fact that existing, limited resources are dispersed as well as due to the scale of the investment necessary, but can rather by reason of avoiding unnecessary duplication of these efforts, helping to achieve critical mass of investment and ensuring that public financing is used in an optimal way be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.

(34)  The objectives of this Regulation, namely strengthening Union competitiveness and capacities in cybersecurity through, and reducing its digital dependence by increasing the uptake of cybersecurity products, processes and services developed within the Union, retaining and developing Union's cybersecurity technological and industrial capacities, increasing the competitiveness of the Union's cybersecurity industry and turning cybersecurity into a competitive advantage of other Union industries, cannot be sufficiently achieved by the Member States due the fact that existing, limited resources are dispersed as well as due to the scale of the investment necessary, but can rather by reason of avoiding unnecessary duplication of these efforts, helping to achieve critical mass of investment and ensuring that public financing is used in an optimal way be better achieved at Union level. In addition, only actions at Union level can ensure the highest level of cybersecurity in all Member States and thus close security gaps existing in some Member States that create security gaps for the whole Union. Hence, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.

Amendment    45

Proposal for a regulation

Article 1 – paragraph 1

Text proposed by the Commission

Amendment

1.  This Regulation establishes the European Cybersecurity Industrial, Technology and Research Competence Centre (the ‘Competence Centre’), as well as the Network of National Coordination Centres, and lays down rules for the nomination of National Coordination Centres as well as for the establishment of the Cybersecurity Competence Community.

1.  This Regulation establishes the European Cybersecurity Industrial, Technology and Research Competence Centre (the ‘Competence Centre’), as well as the Network of National Coordination Centres, and lays down rules for the nomination of National Coordination Centres as well as for the establishment of the Cybersecurity Competence Community. The Competence Centre and the Network shall contribute to the overall resilience and awareness in the Union towards cybersecurity threats, thoroughly taking into account societal implications.

Amendment    46

Proposal for a regulation

Article 1 – paragraph 3

Text proposed by the Commission

Amendment

3.  The seat of the Competence Centre shall be located in [Brussels, Belgium.]

deleted

Amendment    47

Proposal for a regulation

Article 1 – paragraph 4

Text proposed by the Commission

Amendment

4.  The Competence Centre shall have legal personality. In each Member State, it shall enjoy the most extensive legal capacity accorded to legal persons under the laws of that Member State. It may, in particular, acquire or dispose of movable and immovable property and may be a party to legal proceedings.

deleted

Amendment    48

Proposal for a regulation

Article 2 – paragraph 1 – point 1

Text proposed by the Commission

Amendment

(1)  'cybersecurity' means the protection of network and information systems, their users, and other persons against cyber threats;

(1)  'cybersecurity' means all activities necessary to protect network and information systems, their users, and affected persons from cyber threats;

Amendment    49

Proposal for a regulation

Article 2 – paragraph 1 – point 2

Text proposed by the Commission

Amendment

(2)  'cybersecurity products and solutions' means ICT products, services or process with the specific purpose of protecting network and information systems, their users and affected persons from cyber threats;

(2)  'products and processes ' means commercial and non-commercial ICT products, services or processes with the specific purpose of protecting data, network and information systems, their users and other persons from cybersecurity threats;

Amendment    50

Proposal for a regulation

Article 2 – paragraph 1 – point 2 a (new)

Text proposed by the Commission

Amendment

 

(2a)  ‘cyber threat’ means any potential circumstance, event or action that may damage, disrupt or otherwise adversely impact network and information systems, their users and affected persons;

Amendment    51

Proposal for a regulation

Article 2 – paragraph 1 – point 3

Text proposed by the Commission

Amendment

(3)  'public authority' means any government or other public administration, including public advisory bodies, at national, regional or local level or any natural or legal person performing public administrative functions under national law, including specific duties;

(3)  'public authority' means any government or other public administration, including public advisory bodies, at national, regional or local level or any natural or legal person performing public administrative functions under Union and national law, including specific duties;

Amendment    52

Proposal for a regulation

Article 2 – paragraph 1 – point 4

Text proposed by the Commission

Amendment

(4)  'participating Member State' means a Member State which voluntarily contributes financially to the administrative and operational costs of the Competence Centre.

(4)  'contributing Member State' means a Member State which voluntarily contributes financially to the administrative and operational costs of the Competence Centre;

Amendment    53

Proposal for a regulation

Article 2 – paragraph 1 – point 4 a (new)

Text proposed by the Commission

Amendment

 

(4a)  ‘European Digital Innovation Hubs’ means a legal entity as defined in Regulation (EU) 2019/XXX of the European Parliament and of the Council1a.

 

__________________

 

1a Regulation (EU) 2019/XXX of the European Parliament and of the Council of ... establishing the Digital Europe programme for the period 2021-2027 (OJ L ...) (2018/0227(COD)).

Amendment    54

Proposal for a regulation

Article 3 – paragraph 1 – point a

Text proposed by the Commission

Amendment

(a)  retain and develop the cybersecurity technological and industrial capacities necessary to secure its Digital Single Market;

(a)  develop the cybersecurity technological, industrial, societal, academic and research expertise capacities and capabilities necessary to secure its Digital Single Market and further the protection of data of Union citizens, companies and public administrations;

Amendment    55

Proposal for a regulation

Article 3 – paragraph 1 – point a a (new)

Text proposed by the Commission

Amendment

 

(aa)  increase the resilience and reliability of the infrastructure of network and information systems, including critical infrastructure, the internet and commonly used hardware and software in the Union;

Amendment    56

Proposal for a regulation

Article 3 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b)  increase the competitiveness of the Union's cybersecurity industry and turn cybersecurity into competitive advantage of other Union industries.

(b)  increase the competitiveness of the Union's cybersecurity industry and turn cybersecurity into a competitive advantage of other Union industries.

Amendment    57

Proposal for a regulation

Article 3 – paragraph 1 – point b a (new)

Text proposed by the Commission

Amendment

 

(ba)  raise the awareness for cybersecurity threats, and related societal and ethical implications and concerns and reduce the skills gap in cybersecurity in the Union;

Amendment    58

Proposal for a regulation

Article 3 – paragraph 1 – point b b (new)

Text proposed by the Commission

Amendment

 

(bb)  develop European leadership in cybersecurity and ensure the highest cybersecurity standards throughout the Union;

Amendment    59

Proposal for a regulation

Article 3 – paragraph 1 – point b c (new)

Text proposed by the Commission

Amendment

 

(bc)  strengthen Union competitiveness and capacities while reducing its digital dependence by increasing the uptake of cybersecurity products, processes and services developed within the Union;

Amendment    60

Proposal for a regulation

Article 3 – paragraph 1 – point b d (new)

Text proposed by the Commission

Amendment

 

(bd)  reinforce the trust of citizens, consumers and businesses in the digital world, and therefore contribute to the goals of the Digital Single Market Strategy;

Amendment    61

Proposal for a regulation

Article 4 – paragraph 1 – point 1

Text proposed by the Commission

Amendment

1.  facilitate and help coordinate the work of the National Coordination Centres Network (‘the Network’) referred to in Article 6 and the Cybersecurity Competence Community referred to in Article 8;

1.  create, manage and facilitate the National Coordination Centres Network (‘the Network’) referred to in Article 6 and the Cybersecurity Competence Community ('the Community') referred to in Article 8;

Amendment    62

Proposal for a regulation

Article 4 – paragraph 1 – point 2

Text proposed by the Commission

Amendment

2.  contribute to the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX26 and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] and of the Horizon Europe Programme established by Regulation No XXX27 and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme]. and of other Union programmes when provided for in legal acts of the Union];

2.  coordinate the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX26 and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] and of the Horizon Europe Programme established by Regulation No XXX27 and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme]. and of other Union programmes when provided for in legal acts of the Union] and contribute to the implementation of the actions funded by the European Defence Fund established by Regulation (EU) 2019/XXX;

__________________

__________________

26 [add full title and OJ reference]

26 [add full title and OJ reference]

27 [add full title and OJ reference]

27 [add full title and OJ reference]

Amendment    63

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – introductory part

Text proposed by the Commission

Amendment

3.  enhance cybersecurity capabilities, knowledge and infrastructures at the service of industries, the public sector and research communities, by carrying out the following tasks:

3.  enhance cybersecurity resilience, capacities, capabilities, knowledge and infrastructures at the service of society, industries, the public sector and research communities, by carrying out the following tasks, having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services:

Amendment    64

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point a

Text proposed by the Commission

Amendment

(a)  having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services , acquiring, upgrading, operating and making available such infrastructures and related services to a wide range of users across the Union from industry including SMEs, the public sector and the research and scientific community;

(a)  acquiring, upgrading, operating and making available the Competence Centre’s facilities and related services in a fair, open and transparent way to a wide range of users across the Union from industry in particular SMEs, the public sector and the research and scientific community;

Amendment    65

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point b

Text proposed by the Commission

Amendment

(b)  having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services, providing support to other entities, including financially, to acquiring, upgrading, operating and making available such infrastructures and related services to a wide range of users across the Union from industry including SMEs, the public sector and the research and scientific community;

(b)  providing support to other entities, including financially, to acquiring, upgrading, operating and making available such facilities and related services to a wide range of users across the Union from industry, in particular SMEs, the public sector and the research and scientific community;

Amendment    66

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point b a (new)

Text proposed by the Commission

Amendment

 

(ba)  providing financial support and technical assistance to cybersecurity start-ups, SMEs, micro-enterprises, associations, individual experts and to civic tech projects;

Amendment    67

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point b b (new)

Text proposed by the Commission

Amendment

 

(bb)  financing software security code audits and related improvements for Free and Open Source Software projects, commonly used for infrastructure, products and processes;

Amendment    68

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point c

Text proposed by the Commission

Amendment

(c)  providing cybersecurity knowledge and technical assistance to industry and public authorities, in particular by supporting actions aimed at facilitating access to the expertise available in the Network and the Cybersecurity Competence Community;

(c)  facilitating the sharing of cybersecurity knowledge and technical assistance among others to civil society, the industry and public authorities, and the academic and research community, in particular by supporting actions aimed at facilitating access to the expertise available in the Network and the Cybersecurity Competence Community with the aim of improving cyber resilience within the Union;

Amendment    69

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point c a (new)

Text proposed by the Commission

Amendment

 

(ca)  promoting “security by design” as principle in the process of developing, maintaining, operating, and updating infrastructures, products and services, in particular by supporting state-of-the-art secure development methods, adequate security testing, security audits, and including the commitment of producer or provider to make available updates remedying new vulnerabilities or threats, without delay, and beyond the estimated product lifetime, or enabling a third party to create and provide such updates;

Amendment    70

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point c b (new)

Text proposed by the Commission

Amendment

 

(cb)  assisting source code contribution policies and their development, in particular for public authorities where Free and Open Source Software projects are used;

Amendment    71

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point c c (new)

Text proposed by the Commission

Amendment

 

(cc)  bringing together stakeholders from industry, trade unions, academia, research organisations and public entities to ensure long-term cooperation on developing and implementing cybersecurity products and processes, including pooling and sharing of resources and information regarding such products and processes if appropriate;

Amendment    72

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – introductory part

Text proposed by the Commission

Amendment

4.  contribute to the wide deployment of state-of-the-art cyber security products and solutions across the economy, by carrying out the following tasks:

4.  contribute to the wide deployment of state-of-the-art and sustainable cyber security products and processes across the Union, by carrying out the following tasks:

Amendment    73

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – point a

Text proposed by the Commission

Amendment

(a)  stimulating cybersecurity research, development and the uptake of Union cybersecurity products and solutions by public authorities and user industries;

(a)  stimulating cybersecurity research, development and the uptake of Union cybersecurity products and holistic processes throughout the entire innovation cycle, by, inter alia, public authorities, the industry and the market;

Amendment    74

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – point b

Text proposed by the Commission

Amendment

(b)  assisting public authorities, demand side industries and other users in adopting and integrating the latest cyber security solutions;

(b)  assisting public authorities, demand side industries and other users in increasing their resilience by adopting and integrating state-of-the-art cybersecurity products and processes;

Amendment    75

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – point c

Text proposed by the Commission

Amendment

(c)  supporting in particular public authorities in organising their public procurement, or carrying out procurement of state-of-the-art cybersecurity products and solutions on behalf of public authorities;

(c)  supporting in particular public authorities in organising their public procurement, or carrying out procurement of state-of-the-art cybersecurity products and processes on behalf of public authorities, including by providing support for procurement, to increase the security of and the benefits from public investment;

Amendment    76

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – point d

Text proposed by the Commission

Amendment

(d)  providing financial support and technical assistance to cybersecurity start-ups and SMEs to connect to potential markets and to attract investment;

(d)  providing financial support and technical assistance to cybersecurity start-ups and SMEs, micro-enterprises, individual experts, commonly used Free and Open Source Software projects, and civic tech projects, to enhance expertise on cybersecurity, connect to potential markets and deployment opportunities, and to attract investment;

Amendment    77

Proposal for a regulation

Article 4 – paragraph 1 – point 5 – introductory part

Text proposed by the Commission

Amendment

5.  improve the understanding of cybersecurity and contribute to reducing skills gaps in the Union related to cybersecurity by carrying out the following tasks:

5.  improve the understanding of cybersecurity and contribute to reducing skills gaps and strengthening the level of skills in the Union related to cybersecurity by carrying out the following tasks:

Amendment    78

Proposal for a regulation

Article 4 – paragraph 1 – point 5 – point -a (new)

Text proposed by the Commission

Amendment

 

(-a)  supporting, where appropriate, the achievement of the specific objective 4, Advanced digital skills, of the Digital Europe Programme in cooperation with European Digital Innovation Hubs;

Amendment    79

Proposal for a regulation

Article 4 – paragraph 1 – point 5 – point a

Text proposed by the Commission

Amendment

(a)  supporting further development of cybersecurity skills , where appropriate together with relevant EU agencies and bodies including ENISA.

(a)  supporting further development, pooling, and sharing of cybersecurity skills and competences at all relevant educational levels, supporting the objective of achieving gender balance, facilitating a common high level of cybersecurity knowledge and contributing to the resilience of users and infrastructures throughout the Union in coordination with the Network and, where appropriate, aligning with relevant EU agencies and bodies including ENISA;

Amendment    80

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point a

Text proposed by the Commission

Amendment

(a)  providing financial support to cybersecurity research efforts based on a common, continuously evaluated and improved multiannual strategic, industrial, technology and research agenda;

(a)  providing financial support to cybersecurity research efforts based on a common, continuously evaluated and improved multiannual strategic, industrial, technology and research plan referred to in Article 13 ;

Amendment    81

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point b

Text proposed by the Commission

Amendment

(b)  support large-scale research and demonstration projects in next generation cybersecurity technological capabilities, in collaboration with the industry and the Network;

(b)  supporting large-scale research and demonstration projects in next generation cybersecurity technological capabilities, in collaboration with the industry, the academic and research community, public sector and authorities, including the Network and the Community ;

Amendment    82

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point b a (new)

Text proposed by the Commission

Amendment

 

(ba)  ensuring respect for fundamental rights and ethical conduct in cybersecurity research projects supported by the Competence Centre;

Amendment    83

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point b b (new)

Text proposed by the Commission

Amendment

 

(bb)  monitoring reports of vulnerabilities discovered by the Community and facilitating the disclosure of vulnerabilities, the development of patches, fixes and solutions, and the distribution of those;

Amendment    84

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point b c (new)

Text proposed by the Commission

Amendment

 

(bc)  monitoring research results regarding self-learning algorithms used for malicious cyber activities in collaboration with ENISA and supporting the implementation of Directive (EU) 2016/1148 ;

Amendment    85

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point b d (new)

Text proposed by the Commission

Amendment

 

(bd)  supporting research in the field of cybercrime;

Amendment    86

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point b e (new)

Text proposed by the Commission

Amendment

 

(be)  supporting the research and development of products and processes that can be freely studied, shared, and built upon, in particular in the field of verified and verifiable hard- and software, in close cooperation with the industry, the Network and the Community;

Amendment    87

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point c

Text proposed by the Commission

Amendment

(c)  support research and innovation for standardisation in cybersecurity technology

(c)  support research and innovation for formal and non-formal standardisation and certification in cybersecurity technology, linking to the existing work and where appropriate in close cooperation with the European Standardisation Organisations, certification bodies and ENISA;

Amendment    88

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point c a (new)

Text proposed by the Commission

Amendment

 

(ca)  provide special support to SMEs by facilitating their access to knowledge and training through tailored access to the deliverables of research and development reinforced by the Competence Centre and the Network in order to increase competitiveness;

Amendment    89

Proposal for a regulation

Article 4 – paragraph 1 – point 8 – point b a (new)

Text proposed by the Commission

Amendment

 

(ba)  assisting and providing advice to the Commission with regard to the implementation of Regulation (EU) 2019/XXX [recast of Regulation (EC) No 428/2009 as proposed by COM(2016)616].

Amendment    90

Proposal for a regulation

Article 4 – paragraph 1 – point 8 a (new)

Text proposed by the Commission

Amendment

 

8a.  contribute to the Union’s efforts to enhance international cooperation with regard to cybersecurity by:

 

(a)  facilitating the participation of the Competence Centre in international conferences and governmental organisations as well as the contribution to international standardisation organisations;

 

(b)  cooperating with third countries and international organisations within relevant international cooperation frameworks.

Amendment    91

Proposal for a regulation

Article 5 – title

Text proposed by the Commission

Amendment

Investment in and use of infrastructures, capabilities, products or solutions

Investment in and use of infrastructures, capabilities, products or processes

Amendment    92

Proposal for a regulation

Article 5 – paragraph 1 – introductory part

Text proposed by the Commission

Amendment

1.  Where the Competence Centre provides funding for infrastructures, capabilities, products or solutions pursuant to Article 4(3) and (4) in the form of a grant or a prize, the work plan of the Competence Centre may specify in particular:

1.  Where the Competence Centre provides funding for infrastructures, capabilities, products or processes pursuant to Article 4(3) and (4) in the form of a procurement, grant or a prize, the work plan of the Competence Centre may specify in particular:

Amendment    93

Proposal for a regulation

Article 5 – paragraph 1 – point a

Text proposed by the Commission

Amendment

(a)  rules governing the operation of an infrastructure or capability, including where relevant entrusting the operation to a hosting entity based on criteria that the Competence Centre shall define;

(a)  specific rules governing the operation of an infrastructure or capability, including where relevant entrusting the operation to a hosting entity based on criteria that the Competence Centre shall define;

Amendment    94

Proposal for a regulation

Article 5 – paragraph 1 – point b a (new)

Text proposed by the Commission

Amendment

 

(ba)  specific rules governing different phases of implementation;

Amendment    95

Proposal for a regulation

Article 5 – paragraph 1 – point b b (new)

Text proposed by the Commission

Amendment

 

(bb)  that as a result of Union contribution, access is as open as possible and as closed as necessary, and re-use is possible.

Amendment    96

Proposal for a regulation

Article 5 – paragraph 2

Text proposed by the Commission

Amendment

2.  The Competence Centre may be responsible for the overall execution of relevant joint procurement actions including pre-commercial procurements on behalf of members of the Network, members of the cybersecurity Competence Community, or other third parties representing the users of cybersecurity products and solutions. For this purpose, the Competence Centre may be assisted by one or more National Coordination Centres or members of the Cybersecurity Competence Community.

2.  The Competence Centre may be responsible for the overall execution of relevant joint procurement actions including pre-commercial procurements on behalf of members of the Network. For this purpose, the Competence Centre may be assisted by one or more National Coordination Centres, members of the Cybersecurity Competence Community or relevant European Digital Innovation Hubs.

Amendment    97

Proposal for a regulation

Article 6 – paragraph -1 (new)

Text proposed by the Commission

Amendment

 

-1.  One National Coordination Centre shall be set up in each Member State.

Amendment    98

Proposal for a regulation

Article 6 – paragraph 4

Text proposed by the Commission

Amendment

4.  The nominated National Coordination Centre shall have the capability to support the Competence Centre and the Network in fulfilling their mission laid out in Article 3 of this Regulation. They shall possess or have direct access to technological expertise in cybersecurity and be in a position to effectively engage and coordinate with industry, the public sector and the research community.

4.  The nominated National Coordination Centre shall have the capability to support the Competence Centre and the Network in fulfilling their mission laid out in Article 3 of this Regulation. They shall possess or have direct access to technological expertise in cybersecurity and be in a position to effectively engage and coordinate with industry, the public sector, the academic and research community, and citizens. The Commission shall issue guidelines further detailing the assessment procedure and explaining the application of the criteria.

Amendment    99

Proposal for a regulation

Article 6 – paragraph 5

Text proposed by the Commission

Amendment

5.  The relationship between the Competence Centre and the National Coordination Centres shall be based on a contractual agreement signed between the Competence Centre and each of the National Coordination Centres. The agreement shall provide for the rules governing the relationship and division of tasks between the Competence Centre and each National Coordination Centre.

5.  The relationship between the Competence Centre and the National Coordination Centres shall be based on a standard contractual agreement signed between the Competence Centre and each of the National Coordination Centres. The agreement shall consist of the same set of harmonised general conditions providing the rules governing the relationship and division of tasks between the Competence Centre and each National Coordination Centre and special conditions tailored on the particular National Coordination Centre.

Amendment    100

Proposal for a regulation

Article 6 – paragraph 5 a (new)

Text proposed by the Commission

Amendment

 

5a.  The Commission shall adopt delegated acts in accordance with Article 45a in order to supplement this Regulation by establishing the harmonised general conditions of the contractual agreements referred to in paragraph 5 of this Article, including their format.

Amendment    101

Proposal for a regulation

Article 7 – paragraph 1 – point a

Text proposed by the Commission

Amendment

(a)  supporting the Competence Centre in achieving its objectives and in particular in coordinating the Cybersecurity Competence Community;

(a)  supporting the Competence Centre in achieving its objectives and in particular in establishing and coordinating the Cybersecurity Competence Community;

Amendment    102

Proposal for a regulation

Article 7 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b)  facilitating the participation of industry and other actors at the Member State level in cross-border projects;

(b)  promoting, encouraging and facilitating the participation of civil society, industry, in particular start-ups and SMEs, academic and research community and other actors at the Member State level in cross-border projects;

Amendment    103

Proposal for a regulation

Article 7 – paragraph 1 – point b a (new)

Text proposed by the Commission

Amendment

 

(ba)  in cooperation with other entities with similar tasks, operating as a one-stop-shop for cybersecurity products and processes financed through other Union programmes like InvestEU or the Single Market Programme, in particular for SMEs;

Amendment    104

Proposal for a regulation

Article 7 – paragraph 1 – point c

Text proposed by the Commission

Amendment

(c)  contributing, together with the Competence Centre, to identifying and addressing sector-specific cyber security industrial challenges;

(c)  contributing, together with the Competence Centre, to identifying and addressing sector-specific cyber security challenges;

Amendment    105

Proposal for a regulation

Article 7 – paragraph 1 – point c a (new)

Text proposed by the Commission

Amendment

 

(ca)  cooperating closely with National Standardisation Organisations to promote the uptake of existing standards and to involve all relevant stakeholders, particularly SMEs, in setting new standards;

Amendment    106

Proposal for a regulation

Article 7 – paragraph 1 – point e

Text proposed by the Commission

Amendment

(e)  seeking to establish synergies with relevant activities at the national and regional level;

(e)  seeking to establish synergies with relevant activities at the national, regional and local level;

Amendment    107

Proposal for a regulation

Article 7 – paragraph 1 – point f a (new)

Text proposed by the Commission

Amendment

 

(fa)  promoting and disseminating a common minimal cybersecurity educational curricula in cooperation with the relevant bodies in the Member States;

Amendment    108

Proposal for a regulation

Article 7 – paragraph 1 – point g

Text proposed by the Commission

Amendment

(g)  promoting and disseminating the relevant outcomes of the work by the Network, the Cybersecurity Competence Community and the Competence Centre at national or regional level;

(g)  promoting and disseminating the relevant outcomes of the work by the Network, the Cybersecurity Competence Community and the Competence Centre at national, regional or local level;

Amendment    109

Proposal for a regulation

Article 7 – paragraph 1 – point h

Text proposed by the Commission

Amendment

(h)  assessing requests by entities established in the same Member State as the Coordination Centre for becoming part of the Cybersecurity Competence Community.

(h)  assessing requests by entities and individuals established in the same Member State as the Coordination Centre for becoming part of the Cybersecurity Competence Community.

Amendment    110

Proposal for a regulation

Article 7 – paragraph 4

Text proposed by the Commission

Amendment

4.  National Coordination Centres shall, where relevant, cooperate through the Network for the purpose of implementing tasks referred to in points (a), (b), (c), (e) and (g) of paragraph 1.

4.  National Coordination Centres shall, where relevant, cooperate through the Network and coordinate with the relevant European Digital Innovation Hubs for the purpose of implementing tasks referred to in paragraph 1.

Amendment    111

Proposal for a regulation

Article 8 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Cybersecurity Competence Community shall contribute to the mission of the Competence Centre as laid down in Article 3 and enhance and disseminate cybersecurity expertise across the Union.

1.  The Cybersecurity Competence Community contributes to the mission of the Competence Centre as laid down in Article 3 and enhances, pools, shares, and disseminate cybersecurity expertise across the Union and provides technical expertise.

Amendment    112

Proposal for a regulation

Article 8 – paragraph 2

Text proposed by the Commission

Amendment

2.  The Cybersecurity Competence Community shall consist of industry, academic and non-profit research organisations, and associations as well as public entities and other entities dealing with operational and technical matters. It shall bring together the main stakeholders with regard to cybersecurity technological and industrial capacities in the Union. It shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise..

2.  The Cybersecurity Competence Community shall consist of civil society, industry from the demand and supply-side, including SMEs, academic and research community, associations of users, individual experts, relevant European Standardisation Organisations, and other associations as well as public entities and other entities dealing with operational and technical matters in the area of cybersecurity. It shall bring together the main stakeholders with regard to cybersecurity technological, industrial, academic and research, and societal capacities and capabilities in the Union. and shall involve National Coordination Centres, European Digital Innovation Hubs as well as Union institutions and bodies with relevant expertise as referred to in Article 10 of this Regulation.

Amendment    113

Proposal for a regulation

Article 8 – paragraph 3 – introductory part

Text proposed by the Commission

Amendment

3.  Only entities which are established within the Union may be accredited as members of the Cybersecurity Competence Community. They shall demonstrate that they have cybersecurity expertise with regard to at least one of the following domains:

3.  Only entities which are established and individuals resident within the Union, the European Economic Area (EEA) or the European Free Trade Association (EFTA) may be accredited as members of the Cybersecurity Competence Community. Applicants shall demonstrate that they can provide cybersecurity expertise with regard to at least one of the following domains:

Amendment    114

Proposal for a regulation

Article 8 – paragraph 3 – point a

Text proposed by the Commission

Amendment

(a)  research;

(a)  academia or research;

Amendment    115

Proposal for a regulation

Article 8 – paragraph 3 – point c a (new)

Text proposed by the Commission

Amendment

 

(ca)  ethics;

Amendment    116

Proposal for a regulation

Article 8 – paragraph 3 – point c b (new)

Text proposed by the Commission

Amendment

 

(cb)  formal and technical standardisation and specifications.

Amendment    117

Proposal for a regulation

Article 8 – paragraph 4

Text proposed by the Commission

Amendment

4.  The Competence Centre shall accredit entities established under national law as members of the Cybersecurity Competence Community after an assessment made by the National Coordination Centre of the Member State where the entity is established, on whether that entity meets the criteria provided for in paragraph 3. An accreditation shall not be limited in time but may be revoked by the Competence Centre at any time if it or the relevant National Coordination Centre considers that the entity does not fulfil the criteria set out in paragraph 3 or it falls under the relevant provisions set out in Article 136 of Regulation XXX [new financial regulation].

4.  The Competence Centre shall accredit entities established under national law, or individuals, as members of the Cybersecurity Competence Community after a harmonised assessment made by the Competence Centre, the National Coordination Centre of the Member State where the entity is established, or the individual is a resident, on whether that entity meets the criteria provided for in paragraph 3. An accreditation shall not be limited in time but may be revoked by the Competence Centre at any time if it or the relevant National Coordination Centre considers that the entity or individual does not fulfil the criteria set out in paragraph 3 or it falls under the relevant provisions set out in Article 136 of Regulation XXX [new financial regulation]. The National Coordination Centres of the Member States shall aim to achieve a balanced representation of stakeholders in the Community, actively stimulating participation from under-represented categories, especially SMEs, and groups of individuals.

Amendment    118

Proposal for a regulation

Article 8 – paragraph 4 a (new)

Text proposed by the Commission

Amendment

 

4a.  The Commission shall adopt delegated acts in accordance with Article 45a in order to supplement this Regulation by detailing the criteria provided for in paragraph 3 of this Article according to which applicants are selected, and the procedures for assessing and accrediting entities that meet the criteria referred to in paragraph 4 of this Article.

Amendment    119

Proposal for a regulation

Article 9 – paragraph 1 – point 5 a (new)

Text proposed by the Commission

Amendment

 

(5a)  support the Competence Centre by reporting and disclosing vulnerabilities, helping to mitigate them and providing advice on how to reduce such vulnerabilities including through certification under the schemes adopted in conformity with Regulation (EU) 2019/XXX [the Cybersecurity Act].

Amendment    120

Proposal for a regulation

Article 10 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Competence Centre shall cooperate with relevant Union institutions, bodies, offices and agencies including the European Union Agency for Network and Information Security, the Computer Emergency Response Team (CERT-EU), the European External Action Service, the Joint Research Centre of the Commission, the Research Executive Agency, Innovation and Networks Executive Agency, European Cybercrime Centre at Europol as well as the European Defence Agency.

1.  To ensure coherence and complementarity, the Competence Centre shall cooperate with relevant Union institutions, bodies, offices and agencies including the European Union Agency for Network and Information Security (ENISA), the Computer Emergency Response Team (CERT-EU), the European External Action Service, the Joint Research Centre of the Commission, the Research Executive Agency, Innovation and Networks Executive Agency, relevant European Digital Innovation Hubs, European Cybercrime Centre at Europol as well as the European Defence Agency as regards dual-use projects, services and competences.

Amendment    121

Proposal for a regulation

Article 10 – paragraph 2

Text proposed by the Commission

Amendment

2.  Such cooperation shall take place within the framework of working arrangements. Those arrangements shall be submitted to the prior approval of the Commission.

2.  Such cooperation shall take place within the framework of working arrangements. Those arrangements shall be adopted by the Governing Board after prior approval of the Commission.

Amendment    122

Proposal for a regulation

Article 12 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Governing Board shall be composed of one representative of each Member State, and five representatives of the Commission, on behalf of the Union.

1.  The Governing Board shall be composed of one representative of each Member State, one representative nominated by the European Parliament as an observer, and four representatives of the Commission, on behalf of the Union, aiming to achieve gender balance among board members and their alternates.

Amendment    123

Proposal for a regulation

Article 12 – paragraph 3

Text proposed by the Commission

Amendment

3.  Members of the Governing Board and their alternates shall be appointed in light of their knowledge in the field of technology as well as of relevant managerial, administrative and budgetary skills. The Commission and the Member States shall make efforts to limit the turnover of their representatives in the Governing Board, in order to ensure continuity of the Board’s work. The Commission and the Member States shall aim to achieve a balanced representation between men and women on the Governing Board.

3.  Members of the Governing Board and their alternates shall be appointed in light of their knowledge in the field of cybersecurity as well as of relevant managerial, administrative and budgetary skills. The Commission and the Member States shall make efforts to limit the turnover of their representatives in the Governing Board, in order to ensure continuity of the Board’s work. The Commission and the Member States shall aim to achieve a balanced representation between men and women on the Governing Board.

Amendment    124

Proposal for a regulation

Article 12 – paragraph 6

Text proposed by the Commission

Amendment

6.  The Commission may invite observers, including representatives of relevant Union bodies, offices and agencies, to take part in the meetings of the Governing Board as appropriate.

6.  The Governing Board may invite observers, including representatives of relevant Union bodies, offices and agencies, and the members of the Community, to take part in the meetings of the Governing Board as appropriate.

Amendment    125

Proposal for a regulation

Article 12 – paragraph 7

Text proposed by the Commission

Amendment

7.  The European Agency for Network and Information Security (ENISA) shall be a permanent observer in the Governing Board.

7.  The European Agency for Network and Information Security (ENISA), and the Industrial and Scientific Advisory Board, shall be permanent observers in the Governing Board, in an advisory role without voting rights. The Governing Board shall have the utmost regard to the views expressed by the permanent observers.

Amendment    126

Proposal for a regulation

Article 13 – paragraph 3 – point a

Text proposed by the Commission

Amendment

(a)  adopt a multi-annual strategic plan, containing a statement of the major priorities and planned initiatives of the Competence Centre, including an estimate of financing needs and sources;

(a)  adopt a multi-annual strategic plan, containing a statement of the major priorities and planned initiatives of the Competence Centre, including an estimate of financing needs and sources, taking into account advice provided by ENISA;

Amendment    127

Proposal for a regulation

Article 13 – paragraph 3 – point b

Text proposed by the Commission

Amendment

(b)  adopt the Competence Centre's work plan, annual accounts and balance sheet and annual activity report, on the basis of a proposal from the Executive Director;

(b)  adopt the Competence Centre's work plan, annual accounts and balance sheet and annual activity report, on the basis of a proposal from the Executive Director, taking into account advice provided by ENISA;

Amendment    128

Proposal for a regulation

Article 13 – paragraph 3 – point e

Text proposed by the Commission

Amendment

(e)  adopt the criteria and procedures for assessing and accrediting the entities as members of the Cybersecurity Competence Community;

(e)  adopt the procedures for assessing and accrediting the entities as members of the Cybersecurity Competence Community;

Amendment    129

Proposal for a regulation

Article 13 – paragraph 3 – point e a (new)

Text proposed by the Commission

Amendment

 

(ea)  adopt the working arrangements referred to in Article 10(2);

Amendment    130

Proposal for a regulation

Article 13 – paragraph 3 – point g a (new)

Text proposed by the Commission

Amendment

 

(ga)  adopt transparency rules for the Competence Centre;

Amendment    131

Proposal for a regulation

Article 13 – paragraph 3 – point i

Text proposed by the Commission

Amendment

(i)  establish working groups with members of the Cybersecurity Competence Community;

(i)  establish working groups with members of the Cybersecurity Competence Community, taking into account advice provided by the permanent observers;

Amendment    132

Proposal for a regulation

Article 13 – paragraph 3 – point l

Text proposed by the Commission

Amendment

(l)  promote the Competence Centre globally, so as to raise its attractiveness and make it a world-class body for excellence in cybersecurity;

(l)  promote the cooperation of the Competence Centre with global actors;

Amendment    133

Proposal for a regulation

Article 13 – paragraph 3 – point r

Text proposed by the Commission

Amendment

(r)  adopt an anti-fraud strategy that is proportionate to the fraud risks having regard to a cost-benefit analysis of the measures to be implemented;

(r)  adopt an anti-fraud and anti-corruption strategy that is proportionate to the fraud and corruption risks having regard to a cost-benefit analysis of the measures to be implemented, as well as adopt comprehensive protection measures for persons reporting on breaches of Union law in accordance with applicable Union legislation;

Amendment    134

Proposal for a regulation

Article 13 – paragraph 3 – point s

Text proposed by the Commission

Amendment

(s)  adopt the methodology to calculate the financial contribution from Member States;

(s)  adopt an extensive definition of financial contributions from Member States and a methodology to calculate the amount of Member States’ voluntary contributions that can be accounted for as financial contributions according to this definition. This calculation shall be executed at the end of every financial year;

Amendment    135

Proposal for a regulation

Article 14 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Governing Board shall elect a Chairperson and a Deputy Chairperson from among the members with voting rights, for a period of two years. The mandate of the Chairperson and the Deputy Chairperson may be extended once, following a decision by the Governing Board. If, however, their membership of the Governing Board ends at any time during their term of office, their term of office shall automatically expire on that date. The Deputy Chairperson shall ex officio replace the Chairperson if the latter is unable to attend to his or her duties. The Chairperson shall take part in the voting.

1.  The Governing Board shall elect a Chairperson and a Deputy Chairperson from among the members with voting rights, for a period of two years, aiming to achieve gender balance. The mandate of the Chairperson and the Deputy Chairperson may be extended once, following a decision by the Governing Board. If, however, their membership of the Governing Board ends at any time during their term of office, their term of office shall automatically expire on that date. The Deputy Chairperson shall ex officio replace the Chairperson if the latter is unable to attend to his or her duties. The Chairperson shall take part in the voting.

Amendment    136

Proposal for a regulation

Article 14 – paragraph 3

Text proposed by the Commission

Amendment

3.  The Executive Director shall take part in the deliberations, unless decided otherwise by the Governing Board, but shall have no voting rights. The Governing Board may invite, on a case-by-case basis, other persons to attend its meetings as observers.

3.  The Executive Director shall take part in the deliberations, unless decided otherwise by the Governing Board, but shall have no voting rights.

Amendment    137

Proposal for a regulation

Article 14 – paragraph 4

Text proposed by the Commission

Amendment

4.  Members of the Industrial and Scientific Advisory Board may take part, upon invitation from the Chairperson, in the meetings of the Governing Board, without voting rights.

deleted

Amendment    138

Proposal for a regulation

Article 15

Text proposed by the Commission

Amendment

Article 15

deleted

Voting rules of the Governing Board

 

1.  The Union shall hold 50 % of the voting rights. The voting rights of the Union shall be indivisible.

 

2.  Every participating Member State shall hold one vote.

 

3.  The Governing Board shall take its decisions by a majority of at least 75% of all votes, including the votes of the members who are absent, representing at least 75% of the total financial contributions to the Competence Centre. The financial contribution will be calculated based on the estimated expenditures proposed by the Member States referred to in point c of Article 17(2) and based on the report on the value of the contributions of the participating Member States referred to in Article 22(5).

 

4.  Only the representatives of the Commission and the representatives of the participating Member States shall hold voting rights.

 

5.  The Chairperson shall take part in the voting.

 

Amendment    139

Proposal for a regulation

Article 15 a (new)

Text proposed by the Commission

Amendment

 

Article 15a

 

Voting rules of the Governing Board

 

1.  Decisions subject to vote may concern:

 

(a)  governance and organisation of the Competence Centre and the Network;

 

(b)  allocation of budget for the Competence Centre and the Network;

 

(c)  joint actions by several Member States, possibly complemented by Union budget further to decision allocated according to point (b).

 

2.  The Governing Board shall take its decisions by a majority of at least 75% of all votes, including the votes of the members who are absent. The voting rights of the Union shall be represented by the Commission and shall be indivisible.

 

3.  For decisions under point (a) of paragraph 1, each Member States shall be represented and have the same equal rights of vote. For the remaining votes available up to 100%, the Union should have at least 50% of the voting rights corresponding to its financial contribution.

 

4.  For decisions falling under point (b) or (c) of paragraph 1, or any other decision not falling under any other category of paragraph 1, the Union shall hold at least 50 % of the voting rights corresponding to its financial contribution. Only contributing Member States shall have voting rights and they will correspond to its financial contribution.

 

5.  In case the Chairperson has been elected from among the representatives of the Member States, the Chairperson shall take part in the voting as a representative of his/her Member State.

Amendment    140

Proposal for a regulation

Article 16 – paragraph 3

Text proposed by the Commission

Amendment

3.  The Executive Director shall be appointed by the Governing Board from a list of candidates proposed by the Commission, following an open and transparent selection procedure.

3.  The Executive Director shall be appointed by the Governing Board from a list of candidates proposed by the Commission, including nominations aiming to achieve gender balance from the Member States, following an open, transparent and non-discriminatory selection procedure.

Amendment    141

Proposal for a regulation

Article 16 – paragraph 5

Text proposed by the Commission

Amendment

5.  The term of office of the Executive Director shall be four years. By the end of that period, the Commission shall carry out an assessment which takes into account the evaluation of the performance of the Executive Director and the Competence Centre’s future tasks and challenges.

5.  The term of office of the Executive Director shall be five years. By the end of that period, the Commission shall carry out an assessment which takes into account the evaluation of the performance of the Executive Director and the Competence Centre’s future tasks and challenges.

Amendment    142

Proposal for a regulation

Article 16 – paragraph 6

Text proposed by the Commission

Amendment

6.  The Governing Board may, acting on a proposal from the Commission which takes into account the assessment referred to in paragraph 5, extend once the term of office of the Executive Director for no more than four years.

6.  The Governing Board may, acting on a proposal from the Commission which takes into account the assessment referred to in paragraph 5, extend once the term of office of the Executive Director for no more than five years.

Amendment    143

Proposal for a regulation

Article 16 – paragraph 8

Text proposed by the Commission

Amendment

8.  The Executive Director shall be removed from office only by decision of the Governing Board, acting on a proposal from the Commission.

8.  The Executive Director shall be removed from office only by decision of the Governing Board, acting on proposal from its members or on a proposal from the Commission.

Amendment    144

Proposal for a regulation

Article 17 – paragraph 2 – point c

Text proposed by the Commission

Amendment

(c)  after consultation with the Governing Board and the Commission, prepare and submit for adoption to the Governing Board the draft multiannual strategic plan and the draft annual work plan of the Competence Centre including the scope of the calls for proposals, calls for expressions of interest and calls for tenders needed to implement the work plan and the corresponding expenditure estimates as proposed by the Member States and the Commission;

(c)  after consultation with the Governing Board, the Industrial and Scientific Advisory Board, ENISA, and the Commission, prepare and submit for adoption to the Governing Board the draft multiannual strategic plan and the draft annual work plan of the Competence Centre including the scope of the calls for proposals, calls for expressions of interest and calls for tenders needed to implement the work plan and the corresponding expenditure estimates as proposed by the Member States and the Commission;

Amendment    145

Proposal for a regulation

Article 17 – paragraph 2 – point h

Text proposed by the Commission

Amendment

(h)  prepare an action plan following-up on the conclusions of the retrospective evaluations and reporting on progress every two years to the Commission

(h)  prepare an action plan following-up on the conclusions of the retrospective evaluations and reporting on progress every two years to the Commission and the European Parliament;

Amendment    146

Proposal for a regulation

Article 17 – paragraph 2 – point l

Text proposed by the Commission

Amendment

(l)  approve the list of actions selected for funding on the basis of the ranking list established by a panel of independent experts;

(l)  after consultation with the Industrial and Scientific Advisory Board and ENISA, approve the list of actions selected for funding on the basis of the ranking list established by a panel of independent experts;

Amendment    147

Proposal for a regulation

Article 17 – paragraph 2 – point s

Text proposed by the Commission

Amendment

(s)  prepare an action plan following-up conclusions of internal or external audit reports, as well as investigations by the European Anti-Fraud Office (OLAF) and reporting on progress twice a year to the Commission and regularly to the Governing Board;

(s)  prepare an action plan following-up conclusions of internal or external audit reports, as well as investigations by the European Anti-Fraud Office (OLAF) and reporting on progress twice a year to the Commission and the European Parliament and regularly to the Governing Board;

Amendment    148

Proposal for a regulation

Article 17 – paragraph 2 – point v

Text proposed by the Commission

Amendment

(v)  ensure effective communication with the Union's institutions;

(v)  ensure effective communication with the Union's institutions and report to the European Parliament and to the Council on invitation;

Amendment    149

Proposal for a regulation

Article 18 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Industrial and Scientific Advisory Board shall consist of no more than 16 members. The members shall be appointed by the Governing Board from among the representatives of the entities of the Cybersecurity Competence Community.

1.  The Industrial and Scientific Advisory Board shall consist of no more than 25 members. The members shall be appointed by the Governing Board from among the representatives of the entities of the Community, or its individual members. Only representatives of entities which are not controlled by a third country or a third country entitiy except from EEA and EFTA countries shall be eligible. The appointment shall be done according to an open, transparent and non-discriminatory procedure. The Board composition shall aim to achieve gender balance, and include a balanced representation of the stakeholder groups from industry, academic community and civil society.

Amendment    150

Proposal for a regulation

Article 18 – paragraph 2

Text proposed by the Commission

Amendment

2.  Members of the Industrial and Scientific Advisory Board shall have expertise either with regard to cybersecurity research, industrial development, professional services or the deployment thereof. The requirements for such expertise shall be further specified by the Governing Board.

2.  Members of the Industrial and Scientific Advisory Board shall have expertise either with regard to cybersecurity research, industrial development, offering, implementing, or deploying professional services or products. The requirements for such expertise shall be further specified by the Governing Board.

Amendment    151

Proposal for a regulation

Article 18 – paragraph 5

Text proposed by the Commission

Amendment

5.  Representatives of the Commission and of the European Network and Information Security Agency may participate in and support the works of the Industrial and Scientific Advisory Board.

5.  Representatives of the Commission and of the European Network and Information Security Agency shall be invited to participate in and support the works of the Industrial and Scientific Advisory Board. The board may invite additional representatives from the Community in an observer, adviser, or expert capacity as appropriate, on a case-by-case basis.

Amendment    152

Proposal for a regulation

Article 19 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Industrial and Scientific Advisory Board shall meet at least twice a year.

1.  The Industrial and Scientific Advisory Board shall meet at least three times a year.

Amendment    153

Proposal for a regulation

Article 19 – paragraph 2

Text proposed by the Commission

Amendment

2.  The Industrial and Scientific Advisory Board may advise the Governing Board on the establishment of working groups on specific issues relevant to the work of the Competence Centre where necessary under the overall coordination of one or more members of the Industrial and Scientific Advisory Board.

2.  The Industrial and Scientific Advisory Board shall provide suggestions to the Governing Board on the establishment of working groups on specific issues relevant to the work of the Competence Centre, whenever those issues fall within the tasks and areas of competence outlined in Article 20 and where necessary under the overall coordination of one or more members of the Industrial and Scientific Advisory Board

Amendment    154

Proposal for a regulation

Article 20 – paragraph 1 – introductory part

Text proposed by the Commission

Amendment

The Industrial and Scientific Advisory Board shall advise the Competence Centre in respect of the performance of its activities and shall:

The Industrial and Scientific Advisory Board shall regularly advise the Competence Centre in respect of the performance of its activities and shall:

Amendment    155

Proposal for a regulation

Article 20 – paragraph 1 – point 1

Text proposed by the Commission

Amendment

(1)  provide to the Executive Director and the Governing Board strategic advice and input for drafting the work plan and multi-annual strategic plan within the deadlines set by the Governing Board;

(1)  provide to the Executive Director and the Governing Board strategic advice and input for deployment by, orientation and operations of the Competence Centre as far as industry and research is concerned, and drafting the work plan and multi-annual strategic plan within the deadlines set by the Governing Board;

Amendment    156

Proposal for a regulation

Article 20 – paragraph 1 – point 1 a (new)

Text proposed by the Commission

Amendment

 

(1a)  advise the Governing Board on the establishment of working groups on specific issues relevant to the work of the Competence Centre;

Amendment    157

Proposal for a regulation

Article 20 – paragraph 1 – point 3

Text proposed by the Commission

Amendment

(3)  promote and collect feedback on the work plan and multi-annual strategic plan of the Competence Centre.

(3)  promote and collect feedback on the work plan and multi-annual strategic plan of the Competence Centre and advise the Governing Board on how to improve the Competence Centre’s strategic orientation and operation.

Amendment    158

Proposal for a regulation

Article 21 – paragraph 1 – point a

Text proposed by the Commission

Amendment

(a)  EUR 1 981 668 000 from the Digital Europe Programme, including up to EUR 23 746 000 for administrative costs;

(a)  EUR 1 780 954 875 in 2018 prices (EUR 1 998 696 000 in current prices) from the Digital Europe Programme, including up to EUR 21 385 465 in 2018 prices (EUR 23 746 000 in current prices) for administrative costs;

Amendment    159

Proposal for a regulation

Article 21 – paragraph 1 – point b a (new)

Text proposed by the Commission

Amendment

 

(ba)  an amount from the European Defence Fund for defence-related actions of the Competence Centre, including for all related administrative costs such as costs that the Competence Centre may incur when acting as a project manager for actions carried out under the European Defence Fund.

Amendment    160

Proposal for a regulation

Article 21 – paragraph 2

Text proposed by the Commission

Amendment

2.  The maximum Union contribution shall be paid from the appropriations in the general budget of the Union allocated to [Digital Europe Programme] and to the specific programme implementing Horizon Europe, established by Decision XXX.

2.  The maximum Union contribution shall be paid from the appropriations in the general budget of the Union allocated to [Digital Europe Programme], to the specific programme implementing Horizon Europe, established by Decision XXX, to the European Defence Fund and to other programmes and projects falling within the scope of the Competence Centre or the Network.

Amendment    161

Proposal for a regulation

Article 21 – paragraph 4

Text proposed by the Commission

Amendment

4.  The Union financial contribution shall not cover the tasks referred to in Article 4(8)(b)

4.  The Union financial contribution from Digital Europe Programme and from Horizon Europe Programme shall not cover the tasks referred to in Article 4(8)(b). These may be covered by financial contributions from the European Defence Fund.

Amendment    162

Proposal for a regulation

Article 22 – paragraph 4

Text proposed by the Commission

Amendment

4.  The Commission may terminate, proportionally reduce or suspend the Union’s financial contribution to the Competence Centre if the participating Member States do not contribute, contribute only partially or contribute late with regard to the contributions referred to in paragraph 1.

4.  The Commission may terminate, proportionally reduce or suspend the Union’s financial contribution to the Competence Centre if the participating Member States do not contribute, or contribute only partially with regard to the contributions referred to in paragraph 1. The Commission’s termination, reduction or suspension of the Union’s financial contribution shall be proportionate in amount and time to the reduction, termination or suspension of the Member States’ contributions.

Amendment    163

Proposal for a regulation

Article 23 – paragraph 4 – point a

Text proposed by the Commission

Amendment

(a)  participating Member States' financial contributions to the administrative costs;

(a)  the Union's and participating Member States' financial contributions to the administrative costs;

Amendment    164

Proposal for a regulation

Article 23 – paragraph 4 – point b

Text proposed by the Commission

Amendment

(b)  participating Member States' financial contributions to the operational costs;

(b)  the Union's and participating Member States' financial contributions to the operational costs;

Amendment    165

Proposal for a regulation

Article 23 – paragraph 8 a (new)

Text proposed by the Commission

Amendment

 

8a.  The Competence Centre shall cooperate closely with other Union institutions, agencies, and bodies in order to benefit from synergies and, where appropriate, to reduce administrative costs.

Amendment    166

Proposal for a regulation

Article 30 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Competence Centre shall take appropriate measures to ensure that, when actions financed under this Regulation are implemented, the financial interests of the Union are protected by the application of preventive measures against fraud, corruption and any other illegal activities, by effective checks and, if irregularities are detected, by the recovery of the amounts wrongly paid and, where appropriate, by effective, proportionate and dissuasive administrative sanctions.

1.  The Competence Centre shall take appropriate measures to ensure that, when actions financed under this Regulation are implemented, the financial interests of the Union are protected by the application of preventive measures against fraud, corruption and any other illegal activities, by regular and effective checks and, if irregularities are detected, by the recovery of the amounts wrongly paid and, where appropriate, by effective, proportionate and dissuasive administrative sanctions.

Amendment    167

Proposal for a regulation

Article 31 – paragraph 7

Text proposed by the Commission

Amendment

7.  The staff of the Competence Centre shall consist of temporary staff and contract staff.

7.  The Competence Centre shall aim to achieve gender balance among its staff. The staff shall consist of temporary staff and contract staff.

Amendment    168

Proposal for a regulation

Article 34 – paragraph 2 – point c a (new)

Text proposed by the Commission

Amendment

 

(ca)  Articles 22 [Ownership of results], 23 [Ownership of results] and 30 [Application of the rules on classified information] of Regulation (EU) 2019/XXX [European Defence Fund] shall apply to participation in all defence-related actions by the Competence Centre, when provided for in the work plan, and the grant of non-exclusive licenses may be limited to third parties established or deemed to be established in Members States and controlled by Member States and/or nationals of Member States.

Amendment    169

Proposal for a regulation

Article 35 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Competence Centre shall carry out its activities with a high level of transparency.

1.  The Competence Centre shall carry out its activities with the highest level of transparency.

Amendment    170

Proposal for a regulation

Article 35 – paragraph 2

Text proposed by the Commission

Amendment

2.  The Competence Centre shall ensure that the public and any interested parties are given appropriate, objective, reliable and easily accessible information, in particular with regard to the results of its work. It shall also make public the declarations of interest made in accordance with Article 41.

2.  The Competence Centre shall ensure that the public and any interested parties are provided with comprehensive, appropriate, objective, reliable and easily accessible information in due time, in particular with regard to the results of the work of the Competence Centre, the Network, the Industry and Scientific Advisory Board and the Community. It shall also make public the declarations of interest made in accordance with Article 42.

Amendment    171

Proposal for a regulation

Article 38 – paragraph 3

Text proposed by the Commission

Amendment

3.  The evaluation referred to in paragraph 2 shall include an assessment of the results achieved by the Competence Centre, having regard to its objectives, mandate and tasks. If the Commission considers that the continuation of the Competence Centre is justified with regard to its assigned objectives, mandate and tasks, it may propose that the duration of the mandate of the Competence Centre set out in Article 46 be extended.

3.  The evaluation referred to in paragraph 2 shall include an assessment of the results achieved by the Competence Centre, having regard to its objectives, mandate and tasks, effectiveness, and efficiency. If the Commission considers that the continuation of the Competence Centre is justified with regard to its assigned objectives, mandate and tasks, it may propose that the duration of the mandate of the Competence Centre set out in Article 46 be extended.

Amendment    172

Proposal for a regulation

Article 38 a (new)

Text proposed by the Commission

Amendment

 

Article 38 a

 

Legal Personality of the Competence Centre

 

1.  The Competence Centre shall have legal personality.

 

2.  In each Member State, the Competence Centre shall enjoy the most extensive legal capacity accorded to legal persons under the law of that Member State. It may, in particular, acquire or dispose of movable and immovable property and may be a party to legal proceedings

Amendment    173

Proposal for a regulation

Article 42 – paragraph 1

Text proposed by the Commission

Amendment

The Competence Centre Governing Board shall adopt rules for the prevention and management of conflicts of interest in respect of its members, bodies and staff. Those rules shall contain the provisions intended to avoid a conflict of interest in respect of the representatives of the members serving in the Governing Board as well as the Scientific and Industrial Advisory Board in accordance with Regulation XXX [new Financial Regulation].

The Competence Centre Governing Board shall adopt rules for the prevention, identification, and resolution of conflicts of interest in respect of its members, bodies and staff, including the Executive Director, the Governing Board, as well as the Scientific and Industrial Advisory Board, and the Community.

Amendment    174

Proposal for a regulation

Article 42 – paragraph 1 a (new)

Text proposed by the Commission

Amendment

 

Member States shall ensure the prevention, identification, and resolution of conflicts of interest in respect of the National Coordination Centres.

Amendment    175

Proposal for a regulation

Article 42 – paragraph 1 b (new)

Text proposed by the Commission

Amendment

 

The rules referred to in paragraph 1 shall comply with Regulation (EU, Euratom) 2018/1046.

Amendment    176

Proposal for a regulation

Article 44 – title

Text proposed by the Commission

Amendment

Support from the host Member State

Seat and support from the host Member State

Amendment    177

Proposal for a regulation

Article 44 – paragraph -1 (new)

Text proposed by the Commission

Amendment

 

The seat of the Competence Centre shall be determined in a democratically accountable procedure, using transparent criteria and in accordance with Union law.

Amendment    178

Proposal for a regulation

Article 44 – paragraph -1 a (new)

Text proposed by the Commission

Amendment

 

The host Member State shall provide the best possible conditions to ensure the proper functioning of the Competence Centre, including a single location, and further conditions such as the accessibility of the adequate education facilities for the children of staff members, appropriate access to the labour market, social security and medical care for both children and partners.

Amendment    179

Proposal for a regulation

Article 44 – paragraph 1

Text proposed by the Commission

Amendment

An administrative agreement may be concluded between the Competence Centre and the Member State [Belgium] in which its seat is located concerning privileges and immunities and other support to be provided by that Member State to the Competence Centre.

An administrative agreement shall be concluded between the Competence Centre and the host Member State in which its seat is located concerning privileges and immunities and other support to be provided by that Member State to the Competence Centre.

Amendment    180

Proposal for a regulation

Article 45 a (new)

Text proposed by the Commission

Amendment

 

Article 45 a

 

Exercise of the delegation

 

1.  The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

 

2.  The power to adopt delegated acts referred to in Articles 6(5a) and 8(4b) shall be conferred on the Commission for an indeterminate period of time from ... [date of entry into force of this Regulation].

 

3.  The delegation of power referred to in Articles 6(5a) and 8(4b) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

 

4.  Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement on Better Law-Making of 13 April 2016.

 

5.  As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

 

6.  A delegated act adopted pursuant to Articles 6(5a) and 8(4b) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.

(1)

Not yet published in the Official Journal


EXPLANATORY STATEMENT

The Commission proposal establishing a Cybersecurity Industrial, Technology, and Research Competence Centre and the Network of National Coordination Centres is a welcome opportunity to design the future of European cooperation on the issue of cybersecurity.

Similar to other parts of the European economy, cybersecurity innovation, products, processes and services are in large part created in small and medium size enterprises. Innovation, when it is not produced within these SMEs themselves, takes place in start-ups and the research community. These economically oriented communities are supported by individual entrepreneurs, and very often, important impulses come from civil-society, and non-commercial or pre-commercial civic tech projects that make use of open standards, open data, and Free and Open Source Software to contribute to the common good.

We need to make sure that the European Cybersecurity framework seizes the opportunities and makes use of the strengths that the sector, as it is currently structured in Europe, can provide.

The proposed set-up of the Centre links the activities of Horizon Europe for cybersecurity research and of Digital Europe for cybersecurity deployment, thereby ideally creating synergies and spill-over effects between both Union programmes. Furthermore the Centre should facilitate and coordinate the work of the Cybersecurity Competence Network and should drive the cybersecurity technological agenda and facilitate access to the expertise gathered in the Network and the Community. The Commission considered to best achieve these goals by creating a new Union body, comprising elements of a joint undertaking, an executive agency and a decentralised agency. Given that with ENISA there is already another dedicated EU cybersecurity agency, this proposal should ensure that ENISA is consulted on all the Centre's relevant activities, to create synergies.

Cybersecurity as a process

The IT industry has long used the term “solution” to describe products and services in public relations contexts and commercial endorsements. However, it is important to understand cybersecurity as a process. With ICT technology constantly evolving, so do the threats. The efforts to make our infrastructure, networks and information systems more secure do not end with the purchase of a certain product or a service.

That is why it is important to strengthen cybersecurity constantly, throughout the lifecycle of a product, and taking into account the interplay of products and actors in connected networks and infrastructures like the Internet. Throughout the lifecycle phases of a system, the design, implementation, maintenance, and update phases, security should be an overarching principle.

Security of the Common Infrastructure

The Internet is the common infrastructure that not only the European but the worldwide economy, more and more relies on. In addition, it is the common infrastructure for communication, culture, and information that individuals rely on, on a daily basis.

From the basic infrastructure layer up to the applications that users interact with, Free and Open Source Software plays an integral role in the functioning of the Internet. As with any commonly used component, if a security vulnerability is discovered in a Free and Open Source Software component, the vulnerability can threaten the functioning of the Internet and related services.

Vulnerable “Internet of Things” devices have already been known to be used to attack other infrastructures. On the Internet, a security vulnerability in a consumer device can affect a high performance computing facility.

Such components are commonly developed, used, and built upon by various industrial actors, in research and development, as well as by public bodies. Consequently, in order to enhance the overall reliability, resilience, and security of our common infrastructure, the Centre’s activities should realise the role of commonly used Free and Open Source Software, and contribute to its security.

Resilience rather than Defence and Dual-Use Technologies

Due to the functioning of networks and information systems like the Internet, it is usually not possible to invariably attribute the origin of an attack to an entity with absolute certainty. Quite to the opposite, evidence can be fabricated to disguise a source, or to lead to wrong conclusions. In this context especially, it is a worrying development that states and intergovernmental organisations have started considering to use conventional military force in the case of cyberattacks.

 It is a priority of the European Union to promote democracy, the rule of law, human rights and fundamental freedoms worldwide. Therefore, the Centre should promote and invest into the resilience and integrity of networks and information systems. Cybersecurity products and processes can be equally useful in civilian and military contexts, therefore the Centre should support existing frameworks for the control of dual-use technologies. Offensive military applications such as backdoors, withheld vulnerabilities, or exploits bear an inherent security risk for society at large and would run counter to the Centre's goal of improving cybersecurity. It is therefore important to limit the Centre's activities to civilian purposes.

Financing the Centre's structures and operating costs from Union programmes that may not be used for military purposes means that the Centre shouldn't facilitate any defence research or other defence-related projects. The Treaties need to be respected and the Union budget not used for military purposes.

Society, Ethics and Representation

The Centre should thoroughly take into account the societal and ethical implications and concerns that its actions, the actions of its bodies and the outcomes of products, services, facilities, and research funded by it may have.

More than other industries, the ICT sector is struggling to fulfil the demand for skilled workers. At the same time, the representation of genders, ethnic diversity and disabled persons is extraordinarily imbalanced. That is why it is in the interest of the industry, including academia, research and others, to achieve balanced representation.

More so, it is in the interest of equality.

Governance Structure

The Centre and its bodies should make sure that conflicts of interest are not only identified, but remedied and handled in a transparent, and accountable manner. The Member States should make sure that the same goes for the National Coordination Centres.

The European Parliament should be put on equal footing with the Member States when it comes to influencing the Centre’s governance and actions.


ANNEX: LIST OF ENTITIES OR PERSONSFROM WHOM THE RAPPORTEUR HAS RECEIVED INPUT

The following list is drawn up on a purely voluntary basis under the exclusive responsibility of the rapporteur. The rapporteur has received input from the following entities or persons in the preparation of the report, until the adoption thereof in committee:

Entity and/or person

American Chamber of Commerce to the EU

Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V. (Bitkom)

CyberSec4Europe

Digitaleurope

European Cyber Security Organisation (ECSO)

European Defence Agency (EDA)

European DIGITAL SME Alliance

European Organisation for Security (EOS)

European Union Agency for Network and Information Security (ENISA)

FSFE - Free Software Foundation Europe e.V.

Huawei Technologies

Interel European Affairs

ISACA

KIT - Karlsruhe Institute of Technology, SecUnity project

Mozilla Corp.

Symantec Corp.


OPINION of the Committee on the Internal Market and Consumer Protection (31.1.2019)

for the Committee on Industry, Research and Energy

on the proposal for a regulation of the European Parliament and of the Council establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres

(COM(2018)0630 – C8‑0404/2018 – 2018/0328(COD))

Rapporteur for opinion: Arndt Kohn

SHORT JUSTIFICATION

In the digital era, Cybersecurity is an essential part of the economic competitiveness and security of the European Union, as well as the integrity and processes that support our democratic societies. Guaranteeing a high level of cyber resilience across the EU is of paramount importance for achieving consumer trust in the Digital Single Market and to further develop a more innovative and competitive Europe. Even though more than 600 centres in the European Union are providing expertise in the field of cybersecurity, the Union remains a net importer of cybersecurity products and solutions. There is a need for the EU to be more cohesive and effective in combatting cyber-attacks, enhancing cyber competences and increasing its capabilities to better protect Europe's citizens, businesses and public institutions.

In September 2017, the Commission presented the “Cybersecurity Act”, followed by the proposal for establishing the European Cybersecurity Industrial, Technology and Research Competence Centre (the ‘Centre’) and Network of National Coordination Centres (the ‘Network’) on 12 September 2018.

Overall, the Rapporteur welcomes the Commission’s proposal. Particular emphasis is placed on the Competence Centre’s objectives to contribute to retaining and developing the Union’s cybersecurity technological and industrial capacities, as well as to strengthening the Union’s cybersecurity industry and increasing its competitiveness, which is shared by the Rapporteur. The Competence Centre will facilitate and help coordinate the work of the Network of National Coordination Centres and the Cybersecurity Competence Community. The Rapporteur foresees that the Competence Centre and the Network will be used as a tool to foster trust of European citizens, as well as to strengthen the Digital Single Market.

However, the Rapporteur highlights a number of points from the proposal that need further clarification and improvement:

•  Firstly, the Rapporteur strongly believes that the accreditation and assessment processes allowing entities to become members of the Community should be harmonised at the EU level, in order to avoid fragmentation among the different entities being accredited by different Member States.

•  Secondly, the importance of SMEs needs to be pointed out so as to improve equal opportunities for them, as well as enhancing their ability to engage and gain in competitiveness on the Single Market. In this sense, Rapporteur’s aim is to achieve a balanced representation of stakeholders in the Community and the Industrial and Scientific Advisory Board, with a particular attention to be given to the inclusion of SMEs. Furthermore, according to the Rapporteur, National Coordination Centres should also work in close cooperation in order to incentivise cross-border projects in the field of cybersecurity, particularly for SMEs.

•  Thirdly, the Rapporteur strongly believes that the increase of the uptake of cybersecurity products and solutions developed within the Union should be one of the missions of the Centre and the Network together with the increasing of the competitiveness of the Union’s cybersecurity industry. In order to achieve these objectives, the Rapporteur clarifies which entities may be accredited as members of the Cybersecurity Competence Community and advocates for the enhancement of European standardisation in cybersecurity technology.

•  Fourthly, as regards financial contributions of the Member States, the Rapporteur believes that the European Commission should not have the power to terminate, proportionally reduce or suspend the Union’s financial contribution to the Competence Centre. The Commission proposes this power in the event that a contributing Member State does not contribute, contributes only partially or contributes late, but such a power would penalise the entire structure that this regulation is introducing and will prevent Member States from participating.

•  Finally, the Rapporteur highlights the importance of building a strong cyber skills base, which also includes training and awareness-raising campaigns.

AMENDMENTS

The Committee on the Internal Market and Consumer Protection calls on the Committee on Industry, Research and Energy, as the committee responsible, to take into account the following amendments:

Amendment    1

Proposal for a regulation

Recital 1

Text proposed by the Commission

Amendment

(1)  Our daily lives and economies become increasingly dependent on digital technologies, citizens become more and more exposed to serious cyber incidents. Future security depends, among others, on enhancing technological and industrial ability to protect the Union against cyber threats, as both civilian infrastructure and military capacities rely on secure digital systems.

(1)  More than 80% of the population of the European Union is connected to the internet and our daily lives and economies are becoming increasingly dependent on digital technologies, with citizens becoming more and more exposed to serious cyber incidents. Future security depends, among others, on enhancing technological and industrial ability to protect the Union against cyber threats, as both civilian infrastructure and military capacities rely on secure digital systems.

Amendment    2

Proposal for a regulation

Recital 4

Text proposed by the Commission

Amendment

(4)  The Heads of State and Government at the Tallinn Digital Summit, in September 2017, called for the Union to become "a global leader in cyber-security by 2025, in order to ensure trust, confidence and protection of our citizens, consumers and enterprises online and to enable a free and law-governed internet."

(4)  The Heads of State and Government at the Tallinn Digital Summit, in September 2017, called for the Union to become "a global leader in cyber-security by 2025, in order to ensure trust, confidence and protection of our citizens, consumers and enterprises online and to enable a free, safer and law-governed internet."

Amendment    3

Proposal for a regulation

Recital 4 a (new)

Text proposed by the Commission

Amendment

 

(4 a)  The Competence Centre and its actions should take into account the implementation of Regulation (EU) 2019/XXX [recast of Regulation (EC) No 428/2009 as proposed by COM(2016)616].1a

 

_________________

 

1a Regulation (EU) 2019/... of the European Parliament and of the Council of ... setting up a Union regime for the control of exports, transfer, brokering, technical assistance and transit of dual-use items (OJ L ..., ..., p. ...).

Amendment    4

Proposal for a regulation

Recital 8

Text proposed by the Commission

Amendment

(8)  The Competence Centre should be the Union's main instrument to pool investment in cybersecurity research, technology and industrial development and to implement relevant projects and initiatives together with the Cybersecurity Competence Network. It should deliver cybersecurity-related financial support from the Horizon Europe and Digital Europe programmes, and should be open to the European Regional Development Fund and other programmes where appropriate. This approach should contribute to creating synergies and coordinating financial support related to cybersecurity research, innovation, technology and industrial development and avoiding duplication.

(8)  The Competence Centre should be the Union's main instrument to pool investment in cybersecurity research, technology and industrial development and to implement relevant projects and initiatives together with the Cybersecurity Competence Network. It should deliver cybersecurity-related financial support from the Horizon Europe and Digital Europe programmes, as well as from the European Defence Fund for actions and administrative costs related to defence, and should be open to the European Regional Development Fund and other programmes where appropriate. This approach should contribute to creating synergies and coordinating financial support related to Union initiatives in the field of cybersecurity research and development, innovation, technology and industrial development and avoiding duplication.

Amendment    5

Proposal for a regulation

Recital 8 a (new)

Text proposed by the Commission

Amendment

 

(8 a)  In view of the extent of the cybersecurity challenge and in view of the investments made in cybersecurity capacities and capabilities in other parts of the world, the Union and its Member States should step up their financial support to research, development and deployment in this area. In order to realise economies of scale and achieve a comparable level of protection across the union, the Member States should put their efforts into a European framework by investing through the Competence Centre mechanism where relevant.

Amendment    6

Proposal for a regulation

Recital 8 b (new)

Text proposed by the Commission

Amendment

 

(8 b)  “Security by design” as a principle should also influence formal as well as non-formal standardisation processes, where a common practice in non-formal standardisation is the creation of reference implementations, published under free and open licences. The secure design of, in particular, reference implementations is crucial for the overall reliability and resilience of commonly used network and information system infrastructure like the internet.

Amendment    7

Proposal for a regulation

Recital 9

Text proposed by the Commission

Amendment

(9)  Taking into account that the objectives of this initiative can be best achieved if all Member States or as many Member States as possible participate, and as an incentive for Member States to take part, only Member States who contribute financially to the administrative and operational costs of the Competence Centre should hold voting rights.

(9)  Taking into account that the objectives of this initiative can be best achieved if all Member States or as many Member States as possible contribute, and as an incentive for Member States to take part, only Member States who contribute financially to the administrative and operational costs of the Competence Centre should hold voting rights.

Amendment    8

Proposal for a regulation

Recital 12

Text proposed by the Commission

Amendment

(12)  National Coordination Centres should be selected by Member States. In addition to the necessary administrative capacity, Centres should either possess or have direct access to cybersecurity technological expertise in cybersecurity, notably in domains such as cryptography, ICT security services, intrusion detection, system security, network security, software and application security, or human and societal aspects of security and privacy. They should also have the capacity to effectively engage and coordinate with the industry, the public sector, including authorities designated pursuant to the Directive (EU) 2016/1148 of the European Parliament and of the Council23 , and the research community.

(12)  National Coordination Centres should be selected by Member States. In addition to the necessary administrative capacity, Centres should either possess or have direct access to cybersecurity technological expertise in cybersecurity, notably in domains such as cryptography, ICT security services, intrusion detection, system security, network security, software and application security, or human, ethical and societal aspects of security and privacy. They should also have the capacity to effectively engage and coordinate with the industry, the public sector, including authorities designated pursuant to the Directive (EU) 2016/1148 of the European Parliament and of the Council23 , and the research community. In addition, awareness should be raised amongst the general public about cybersecurity through appropriate communicative means.

_________________

_________________

23 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).

23 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).

Amendment    9

Proposal for a regulation

Recital 15

Text proposed by the Commission

Amendment

(15)  The Competence Centre should have several key functions. First, the Competence Centre should facilitate and help coordinate the work of the European Cybersecurity Competence Network and nurture the Cybersecurity Competence Community. The Centre should drive the cybersecurity technological agenda and facilitate access to the expertise gathered in the Network and the Cybersecurity Competence Community. Secondly, it should implement relevant parts of Digital Europe and Horizon Europe programmes by allocating grants, typically following a competitive call for proposals. Thirdly, the Competence Centre should facilitate joint investment by the Union, Member States and/or industry.

(15)  The Competence Centre should have several key functions. First, the Competence Centre should facilitate and help coordinate the work of the European Cybersecurity Competence Network and nurture the Cybersecurity Competence Community. The Centre should drive the cybersecurity technological agenda and facilitate access to the expertise gathered in the Network and the Cybersecurity Competence Community. Secondly, it should implement relevant parts of Digital Europe and Horizon Europe programmes as well as of the European Defence Fund, by allocating grants, typically following a competitive call for proposals. Thirdly, the Competence Centre should facilitate joint investment by the Union, Member States and/or industry.

Amendment    10

Proposal for a regulation

Recital 16

Text proposed by the Commission

Amendment

(16)  The Competence Centre should stimulate and support the cooperation and coordination of the activities of the Cybersecurity Competence Community, which would involve a large, open, and diverse group of actors involved in cybersecurity technology. That Community should include in particular research entities, supply-side industries, demand side industries, and the public sector. The Cybersecurity Competence Community should provide input to the activities and work plan of the Competence Centre and it should also benefit from the community-building activities of the Competence Centre and the Network, but otherwise should not be privileged with regard to calls for proposals or calls for tender.

(16)  The Competence Centre should stimulate and support the cooperation and coordination of the activities of the Cybersecurity Competence Community, which would involve a large, open, and diverse group of actors involved in cybersecurity technology. That Community should include in particular research entities, including those working on cybersecurity ethics, supply-side industries, demand side industries, and the public sector. The Cybersecurity Competence Community should provide input to the activities and work plan of the Competence Centre and it should also benefit from the community-building activities of the Competence Centre and the Network, but otherwise should not be privileged with regard to calls for proposals or calls for tender.

Amendment    11

Proposal for a regulation

Recital 17

Text proposed by the Commission

Amendment

(17)  In order to respond to the needs of both demand and supply side industries, the Competence Centre's task to provide cybersecurity knowledge and technical assistance to industries should refer to both ICT products and services and all other industrial and technological products and solutions in which cybersecurity is to be embedded.

(17)  In order to respond to the needs of both demand and supply side industries, the Competence Centre's task to provide cybersecurity knowledge and technical assistance to industries should refer to both ICT products, processes and services and all other industrial and technological products and solutions in which cybersecurity is to be embedded.

Justification

In the context of connected industries, all players in the value chain should ensure their products, processes and services are cybersecure in a dynamic manner from the earliest stage of the engineering process.

Amendment    12

Proposal for a regulation

Recital 17 a (new)

Text proposed by the Commission

Amendment

 

(17 a)  The Cybersecurity Competence Centre should contribute to the wide deployment of state-of-the-art cybersecurity products and solutions, in particular those that are internationally recognised.

Amendment    13

Proposal for a regulation

Recital 18

Text proposed by the Commission

Amendment

(18)  Whereas the Competence Centre and the Network should strive to achieve synergies between the cybersecurity civilian and defence spheres, projects financed by the Horizon Europe Programme will be implemented in line with Regulation XXX [Horizon Europe Regulation], which provides that research and innovation activities carried out under Horizon Europe shall have a focus on civil applications.

(18)  Projects financed by the Horizon Europe Programme will be implemented in line with Regulation XXX [Horizon Europe Regulation], which provides that research and innovation activities carried out under Horizon Europe shall have a focus on civil applications.

Amendment    14

Proposal for a regulation

Recital 20 a (new)

Text proposed by the Commission

Amendment

 

(20 a)  Given that with ENISA there is already another dedicated Union cybersecurity agency, the Competence Centre Governing Board should ensure that ENISA is consulted on all the Centre's relevant activities, to create synergies.

Amendment    15

Proposal for a regulation

Recital 21

Text proposed by the Commission

Amendment

(21)  In view of their respective expertise in cybersecurity, the Joint Research Centre of the Commission as well as the European Network and Information Security Agency (ENISA) should play an active part in the Cybersecurity Competence Community and the Industrial and Scientific Advisory Board.

(21)  In view of their respective expertise in cybersecurity, the Joint Research Centre of the Commission as well as the European Network and Information Security Agency (ENISA) should play an active part in the Cybersecurity Competence Community and the Industrial and Scientific Advisory Board, in order to ensure synergies.

Amendment    16

Proposal for a regulation

Recital 21 a (new)

Text proposed by the Commission

Amendment

 

(21 a)  In view of their respective expertise in cybersecurity, synergies should be sought between the European Network and Information Security Agency (ENISA) and the Competence Centre bearing in mind that ENISA should continue fulfilling its strategic objectives especially in the field of cybersecurity certification as defined in the "Cybersecurity Act"1a while the Competence Centre should act as an operational body in cybersecurity.

 

__________________

 

1a Proposal for a Regulation on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (2017/0225(COD)).

Amendment    17

Proposal for a regulation

Recital 25

Text proposed by the Commission

Amendment

(25)  In order for the Competence Centre to function properly and effectively, the Commission and the Member States should ensure that persons to be appointed to the Governing Board have appropriate professional expertise and experience in functional areas. The Commission and the Member States should also make efforts to limit the turnover of their respective Representatives on the Governing Board in order to ensure continuity in its work.

(25)  In order for the Competence Centre to function properly and effectively, the Commission and the Member States should ensure that persons to be appointed to the Governing Board have appropriate professional expertise and experience in functional areas. The Commission and the Member States should also make efforts to limit the turnover of their respective Representatives on the Governing Board in order to ensure continuity in its work. ENISA should also have a permanent advisory role, without voting rights, in the Governing Board, and should be consulted on all the Centre's relevant activities.

Amendment    18

Proposal for a regulation

Recital 27

Text proposed by the Commission

Amendment

(27)  The Competence Centre should have an Industrial and Scientific Advisory Board as an advisory body to ensure regular dialogue with the private sector, consumers’ organisations and other relevant stakeholders. The Industrial and Scientific Advisory Board should focus on issues relevant to stakeholders and bring them to the attention of the Competence Centre's Governing Board. The composition of the Industrial and Scientific Advisory Board and the tasks assigned to it, such as being consulted regarding the work plan, should ensure sufficient representation of stakeholders in the work of the Competence Centre.

(27)  The Competence Centre should have an Industrial and Scientific Advisory Board as an advisory body to ensure regular dialogue with the private sector, consumers’ organisations and other relevant stakeholders. It should also provide the Executive Director and the Governing Board with independent advice on deployment and procurement. The Industrial and Scientific Advisory Board should focus on issues relevant to stakeholders and bring them to the attention of the Competence Centre's Governing Board. The composition of the Industrial and Scientific Advisory Board and the tasks assigned to it, such as being consulted regarding the work plan, should ensure sufficient representation of stakeholders in the work of the Competence Centre. A minimum number of seats should be allocated to each category of industry stakeholders, with particular attention paid to the representation of SMEs.

Amendment    19

Proposal for a regulation

Recital 29

Text proposed by the Commission

Amendment

(29)  The Competence Centre should have in place rules regarding the prevention and the management of conflict of interest. The Competence Centre should also apply the relevant Union provisions concerning public access to documents as set out in Regulation (EC) No 1049/2001 of the European Parliament and of the Council24 . Processing of personal data by the Competence Centre will be subject to Regulation (EU) No XXX/2018 of the European Parliament and of the Council. The Competence Centre should comply with the provisions applicable to the Union institutions, and with national legislation regarding the handling of information, in particular sensitive non classified information and EU classified information.

(29)  The Competence Centre should have in place rules regarding the prevention, identification and resolution of conflicts of interest in respect of its members, bodies and staff, the Governing Board, as well as the Scientific and Industrial Advisory Board, and the Community. Member States should ensure the prevention, identification, and resolution of conflicts of interest in respect of the National Coordination Centres. The Competence Centre should also apply the relevant Union provisions concerning public access to documents as set out in Regulation (EC) No 1049/2001 of the European Parliament and of the Council24 . Processing of personal data by the Competence Centre will be subject to Regulation (EU) No XXX/2018 of the European Parliament and of the Council. The Competence Centre should comply with the provisions applicable to the Union institutions, and with national legislation regarding the handling of information, in particular sensitive non classified information and EU classified information.

_________________

_________________

24 Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

24 Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

Amendment    20

Proposal for a regulation

Recital 31

Text proposed by the Commission

Amendment

(31)  The Competence Centre should operate in an open and transparent way providing all relevant information in a timely manner as well as promoting its activities, including information and dissemination activities to the wider public. The rules of procedure of the bodies of the Competence Centre should be made publicly available.

(31)  The Competence Centre should operate in an open and transparent way comprehensively providing information in a timely manner as well as promoting its activities, including information and dissemination activities to the wider public. It should provide the public and any interested parties with a list of the Cybersecurity Competence Community members and should make public the declarations of interest made by them in accordance with Article 42. The rules of procedure of the bodies of the Competence Centre should be made publicly available.

Amendment    21

Proposal for a regulation

Recital 31 a (new)

Text proposed by the Commission

Amendment

 

(31 a)  It is advisable that both the Competence Centre and the National Coordination Centres monitor and follow the international standards as much as possible, in order to encourage development towards global best practices.

Amendment    22

Proposal for a regulation

Recital 31 b (new)

Text proposed by the Commission

Amendment

 

(31 b)  The European Cybersecurity Community can benefit from representing the diversity of society at large, and should achieve a balanced representation of genders, ethnic diversity, and disabled persons.

Amendment    23

Proposal for a regulation

Recital 33 a (new)

Text proposed by the Commission

Amendment

 

(33 a)  The power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission in respect of defining the elements of contractual agreements between the Competence Centre and National Coordination Centres, and in respect of specifying criteria for assessing and accrediting entities as members of the Cybersecurity Competence Community. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making. In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States' experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

Amendment    24

Proposal for a regulation

Article 1 – paragraph 2

Text proposed by the Commission

Amendment

2.  The Competence Centre shall contribute to the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] thereof and of the Horizon Europe Programme established by Regulation No XXX and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme].

2.  The Competence Centre shall contribute to the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] thereof, of the Horizon Europe Programme established by Regulation No XXX and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme] and of the European Defence Fund established by Regulation No XXX.

Amendment    25

Proposal for a regulation

Article 2 – paragraph 1 – point 1

Text proposed by the Commission

Amendment

(1)  'cybersecurity' means the protection of network and information systems, their users, and other persons against cyber threats;

(1)  'cybersecurity' means all activities necessary to protect network and information systems, their users, and affected persons against cyber threats;

Amendment    26

Proposal for a regulation

Article 2 – paragraph 1 – point 2

Text proposed by the Commission

Amendment

(2)  'cybersecurity products and solutions' means ICT products, services or process with the specific purpose of protecting network and information systems, their users and affected persons from cyber threats;

(2)  'cybersecurity products and solutions' means ICT products, services or processes with the specific purpose of protecting network and information systems, their users and affected persons from cyber threats;

Amendment    27

Proposal for a regulation

Article 2 – paragraph 1 – point 3

Text proposed by the Commission

Amendment

(3)  'public authority' means any government or other public administration, including public advisory bodies, at national, regional or local level or any natural or legal person performing public administrative functions under national law, including specific duties;

(3)  'public authority' means any government or other public administration, including public advisory bodies, at national, regional or local level or any natural or legal person performing public administrative functions under Union and national law, including specific duties;

Amendment    28

Proposal for a regulation

Article 2 – paragraph 1 – point 4

Text proposed by the Commission

Amendment

(4)  'participating Member State' means a Member State which voluntarily contributes financially to the administrative and operational costs of the Competence Centre.

(4)  'contributing Member State' means a Member State which voluntarily contributes financially to the administrative and operational costs of the Competence Centre.

Amendment    29

Proposal for a regulation

Article 3 – paragraph 1 – point a

Text proposed by the Commission

Amendment

(a)  retain and develop the cybersecurity technological and industrial capacities necessary to secure its Digital Single Market;

(a)  retain and develop the cybersecurity technological academic and research, societal and industrial capabilities and capacities necessary to secure and develop its Digital Single Market and promote European digital autonomy;

Amendment    30

Proposal for a regulation

Article 3 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b)  increase the competitiveness of the Union's cybersecurity industry and turn cybersecurity into competitive advantage of other Union industries.

(b)  increase the competitiveness of the Union's cybersecurity industry by promoting the uptake of cybersecurity products and solutions developed within the Union and thereby turning cybersecurity into a competitive advantage of other Union industries, giving it a firm foundation and making it a key player in the fight against cyber-attacks;

Amendment    31

Proposal for a regulation

Article 3 – paragraph 1 – point b a (new)

Text proposed by the Commission

Amendment

 

(b a)  increase the resilience and reliability of the Union’s cybersecurity industry, the infrastructure of network and information systems, the internet and hardware and software commonly used in the Union, thus reinforcing the trust of citizens, consumers and businesses in the digital world, and therefore contributing to the goals of the Digital Single Market Strategy;

Amendment    32

Proposal for a regulation

Article 3 – paragraph 1 – point b b (new)

Text proposed by the Commission

Amendment

 

(b b)  raise awareness about cybersecurity risks and related societal and ethical implications and concerns in the Union;

Amendment    33

Proposal for a regulation

Article 3 – paragraph 1 – point b c (new)

Text proposed by the Commission

Amendment

 

(b c)  support, facilitate and accelerate standardisation and certification processes.

Amendment    34

Proposal for a regulation

Article 4 – paragraph 1 – point 1

Text proposed by the Commission

Amendment

1.  facilitate and help coordinate the work of the National Coordination Centres Network (‘the Network’) referred to in Article 6 and the Cybersecurity Competence Community referred to in Article 8;

1.  facilitate and help coordinate the work of the National Coordination Centres Network (‘the Network’) referred to in Article 6 and the Cybersecurity Competence Community (‘the Community’) referred to in Article 8;

Amendment    35

Proposal for a regulation

Article 4 – paragraph 1 – point 2

Text proposed by the Commission

Amendment

2.  contribute to the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX26 and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] and of the Horizon Europe Programme established by Regulation No XXX27 and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme]. and of other Union programmes when provided for in legal acts of the Union];

2.  contribute to the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX26 and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] and of the Horizon Europe Programme established by Regulation No XXX27 and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme], of the European Defence Fund established by Regulation No XXX, and of other Union programmes when provided for in legal acts of the Union];

__________________

__________________

26 [add full title and OJ reference]

26 [add full title and OJ reference]

27 [add full title and OJ reference]

27 [add full title and OJ reference]

Amendment    36

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – introductory part

Text proposed by the Commission

Amendment

3.  enhance cybersecurity capabilities, knowledge and infrastructures at the service of industries, the public sector and research communities, by carrying out the following tasks:

3.  enhance cybersecurity resilience, capacities, capabilities, knowledge and infrastructures at the service of society, industries, the public sector and research communities, by carrying out the following tasks having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services:

Amendment    37

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point a

Text proposed by the Commission

Amendment

(a)  having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services , acquiring, upgrading, operating and making available such infrastructures and related services to a wide range of users across the Union from industry including SMEs, the public sector and the research and scientific community;

(a)  acquiring, upgrading, operating and making available such infrastructures and related services in a fair, open and transparent way to a wide range of users across the Union from industry in particular SMEs and from the public sector and the research and scientific community;

Amendment    38

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point b

Text proposed by the Commission

Amendment

(b)  having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services, providing support to other entities, including financially, to acquiring, upgrading, operating and making available such infrastructures and related services to a wide range of users across the Union from industry including SMEs, the public sector and the research and scientific community;

(b)  providing support to other entities, including financially, to acquiring, upgrading, operating and making available such infrastructures and related services to a wide range of users across the Union from industry in particular SMEs, and from the public sector and the research and scientific community;

Amendment    39

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point b a (new)

Text proposed by the Commission

Amendment

 

(b a)  providing financial support and technical assistance to cybersecurity start-ups, SMEs, micro-enterprises, individual experts; to Free and Open Source Software projects, commonly used for infrastructure, products and processes; and to civic tech projects;

Amendment    40

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point b b (new)

Text proposed by the Commission

Amendment

 

(b b)  providing software security code audits and improvements for Free and Open Source Software projects, commonly used for infrastructure, products and processes;

Amendment    41

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point c

Text proposed by the Commission

Amendment

(c)  providing cybersecurity knowledge and technical assistance to industry and public authorities, in particular by supporting actions aimed at facilitating access to the expertise available in the Network and the Cybersecurity Competence Community;

(c)  facilitating the sharing of cybersecurity knowledge and technical assistance in particular among SMEs, the manufacturing sector, civil society, industry and public authorities, and the academic and research community, in particular by supporting actions aimed at facilitating access to the expertise available in the Network and the Cybersecurity Competence Community;

Amendment    42

Proposal for a regulation

Article 4 – paragraph 1 – point 3 – point c a (new)

Text proposed by the Commission

Amendment

 

(c a)  promoting “security by design” as a principle in the process of developing, maintaining, operating and updating infrastructures, products and services; in particular by supporting state-of-the-art secure development methods, adequate security testing and security audits.

Amendment    43

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – introductory part

Text proposed by the Commission

Amendment

4.  contribute to the wide deployment of state-of-the-art cyber security products and solutions across the economy, by carrying out the following tasks:

4.  contribute to the wide deployment of state-of-the-art and sustainable cybersecurity products and solutions across the Union and across different sectors of the economy, by carrying out the following tasks:

Amendment    44

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – point a

Text proposed by the Commission

Amendment

(a)  stimulating cybersecurity research, development and the uptake of Union cybersecurity products and solutions by public authorities and user industries;

(a)  stimulating cybersecurity research, development and the uptake of Union cybersecurity products and solutions including by public authorities and industry;

Amendment    45

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – point a a (new)

Text proposed by the Commission

Amendment

 

(a a)  supporting cybersecurity research in the field of cybercrime;

Amendment    46

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – point b

Text proposed by the Commission

Amendment

(b)  assisting public authorities, demand side industries and other users in adopting and integrating the latest cyber security solutions;

(b)  assisting public authorities, demand side industries and other users in adopting and integrating commonly used, state-of-the-art cybersecurity products and solutions;

Amendment    47

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – point c

Text proposed by the Commission

Amendment

(c)  supporting in particular public authorities in organising their public procurement, or carrying out procurement of state-of-the-art cybersecurity products and solutions on behalf of public authorities;

(c)  supporting in particular public authorities in organising their public procurement, procurement of state-of-the-art cybersecurity products and solutions on behalf of public authorities, including by providing support for environmental, social and innovation procurement, in accordance with Directives 2014/24/EU and 2014/25/EU;

Amendment    48

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – point d

Text proposed by the Commission

Amendment

(d)  providing financial support and technical assistance to cybersecurity start-ups and SMEs to connect to potential markets and to attract investment;

(d)  providing financial support and technical assistance to cybersecurity start-ups, individual experts and SMEs to connect to potential markets and deployment opportunities, and to attract investment;

Amendment    49

Proposal for a regulation

Article 4 – paragraph 1 – point 4 – point d a (new)

Text proposed by the Commission

Amendment

 

(d a)  stimulating the uptake of cybersecurity certification in line with the Cybersecurity Act.

Amendment    50

Proposal for a regulation

Article 4 – paragraph 1 – point 5 – introductory part

Text proposed by the Commission

Amendment

5.  improve the understanding of cybersecurity and contribute to reducing skills gaps in the Union related to cybersecurity by carrying out the following tasks:

5.  improve the understanding of cybersecurity, including of individuals; raise awareness of the importance of cybersecurity for pre-empting and addressing threats, contribute to reducing skills gaps, strengthening the level of skills in the Union related to cybersecurity and build a strong cyber skills base by carrying out the following tasks:

Amendment    51

Proposal for a regulation

Article 4 – paragraph 1 – point 5 – point a

Text proposed by the Commission

Amendment

(a)  supporting further development of cybersecurity skills , where appropriate together with relevant EU agencies and bodies including ENISA.

(a)  supporting further development of cybersecurity skills and competences; promoting a common high level of cybersecurity knowledge; and contributing to the resilience of users and infrastructures in the Union in coordination with relevant EU agencies and bodies including ENISA, in particular through the development of training programmes and awareness-raising campaigns.

Amendment    52

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point a

Text proposed by the Commission

Amendment

(a)  providing financial support to cybersecurity research efforts based on a common, continuously evaluated and improved multiannual strategic, industrial, technology and research agenda;

(a)  providing financial support to cybersecurity research efforts based on a common, continuously evaluated and improved multiannual strategic, industrial, technology and research plan;

Amendment    53

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point b

Text proposed by the Commission

Amendment

(b)  support large-scale research and demonstration projects in next generation cybersecurity technological capabilities, in collaboration with the industry and the Network;

(b)  supporting large-scale research and demonstration projects in next generation cybersecurity technological capabilities, in collaboration with the industry, the Network and the Community;

Amendment    54

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point c

Text proposed by the Commission

Amendment

(c)  support research and innovation for standardisation in cybersecurity technology

(c)  supporting research and innovation for the enhancement of standardisation in cybersecurity technology in close cooperation, in particular with the European Standardisation Organisations (ESOs);

Amendment    55

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point c a (new)

Text proposed by the Commission

Amendment

 

(c a)  supporting the development of independent cybersecurity products and solutions, in close cooperation with the industry, the Network and the Community;

Amendment    56

Proposal for a regulation

Article 4 – paragraph 1 – point 6 – point c b (new)

Text proposed by the Commission

Amendment

 

(c b)  developing the tools and technologies needed to address constantly evolving cybersecurity risks;

Amendment    57

Proposal for a regulation

Article 4 – paragraph 1 – point 7 – point c

Text proposed by the Commission

Amendment

(c)  bringing together stakeholders, to foster synergies between civil and defence cyber security research and markets;

(c)  bringing together stakeholders, to foster synergies between civil and defence cyber security research and markets; where appropriate aligning activities with relevant EU agencies and bodies including ENISA;

Amendment    58

Proposal for a regulation

Article 4 – paragraph 1 – point 8 – point a

Text proposed by the Commission

Amendment

(a)  providing advice, sharing expertise and facilitating collaboration among relevant stakeholders;

(a)  advising, sharing expertise and facilitating collaboration among relevant stakeholders;

Amendment    59

Proposal for a regulation

Article 4 – paragraph 1 – point 8 – point b

Text proposed by the Commission

Amendment

(b)  managing multinational cyber defence projects, when requested by Member States, and thus acting as a project manager within the meaning of Regulation XXX [Regulation establishing the European Defence Fund].

(b)  managing multinational and cross-border cyber defence projects, when requested by Member States, and thus acting as a project manager within the meaning of Regulation XXX [Regulation establishing the European Defence Fund];

Amendment    60

Proposal for a regulation

Article 4 – paragraph 1 – point 8 – point b a (new)

Text proposed by the Commission

Amendment

 

(b a)  contributing, where appropriate, to the fundamental rights and ethics assessment of cybersecurity research funded by the Competence Centre.

Amendment    61

Proposal for a regulation

Article 4 – paragraph 1 – point 8 a (new)

Text proposed by the Commission

Amendment

 

8 a.  contribute to the Union’s efforts to enhance cooperation with regard to cybersecurity by:

 

(a)  facilitating the participation of the Network and the Community in international conferences;

 

(b)  cooperating with third countries and international organisations within relevant international cooperation frameworks.

Amendment    62

Proposal for a regulation

Article 6 – paragraph 5

Text proposed by the Commission

Amendment

5.  The relationship between the Competence Centre and the National Coordination Centres shall be based on a contractual agreement signed between the Competence Centre and each of the National Coordination Centres. The agreement shall provide for the rules governing the relationship and division of tasks between the Competence Centre and each National Coordination Centre.

5.  The relationship between the Competence Centre and the National Coordination Centres shall be based on a contractual agreement signed between the Competence Centre and each of the National Coordination Centres. The agreement shall consist of the same set of general conditions providing the rules governing the relationship and division of tasks between the Competence Centre and each National Coordination Centre and special conditions tailored on the particular National Coordination Centre.

Amendment    63

Proposal for a regulation

Article 6 – paragraph 5 a (new)

Text proposed by the Commission

Amendment

 

5 a.  The Commission is empowered to adopt delegated acts in accordance with Article -45 in order to define the elements of the contractual agreements referred to in paragraph 5 of this Article, including their format.

Amendment    64

Proposal for a regulation

Article 7 – paragraph 1 – point a

Text proposed by the Commission

Amendment

(a)  supporting the Competence Centre in achieving its objectives and in particular in coordinating the Cybersecurity Competence Community;

(a)  supporting the Competence Centre in achieving its objectives and in particular in establishing and coordinating the Cybersecurity Competence Community;

Amendment    65

Proposal for a regulation

Article 7 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b)  facilitating the participation of industry and other actors at the Member State level in cross-border projects;

(b)  promoting, encouraging and facilitating the participation of civil society, consumer organisations, academics and researchers, industry, in particular start-ups and SMEs, and other actors at the Member State level in cross-border projects;

Amendment    66

Proposal for a regulation

Article 7 – paragraph 1 – point b a (new)

Text proposed by the Commission

Amendment

 

(b a)  incentivising cross-border projects, particularly for SMEs;

Amendment    67

Proposal for a regulation

Article 7 – paragraph 1 – point c

Text proposed by the Commission

Amendment

(c)  contributing, together with the Competence Centre, to identifying and addressing sector-specific cyber security industrial challenges;

(c)  contributing, together with the Competence Centre, to identifying and addressing sector-specific cybersecurity challenges including cyber-espionage;

Amendment    68

Proposal for a regulation

Article 7 – paragraph 1 – point c a (new)

Text proposed by the Commission

Amendment

 

(c a)  cooperating closely with National Standardisation Organisations to ensure uptake of existing standards and to involve all relevant stakeholders, particularly SMEs, in setting new standards;

Amendment    69

Proposal for a regulation

Article 7 – paragraph 1 – point e

Text proposed by the Commission

Amendment

(e)  seeking to establish synergies with relevant activities at the national and regional level;

(e)  seeking to establish synergies with relevant activities at the national, regional and local level in order to achieve Union security;

Amendment    70

Proposal for a regulation

Article 7 – paragraph 1 – point f a (new)

Text proposed by the Commission

Amendment

 

(f a)  promoting and disseminating a common minimum cybersecurity educational curriculum in cooperation with the relevant bodies in the Member States;

Amendment    71

Proposal for a regulation

Article 7 – paragraph 1 – point g

Text proposed by the Commission

Amendment

(g)  promoting and disseminating the relevant outcomes of the work by the Network, the Cybersecurity Competence Community and the Competence Centre at national or regional level;

(g)  promoting and disseminating the relevant outcomes of the work by the Network, the Cybersecurity Competence Community and the Competence Centre at national, regional and local levels;

Amendment    72

Proposal for a regulation

Article 7 – paragraph 1 – point h

Text proposed by the Commission

Amendment

(h)  assessing requests by entities established in the same Member State as the Coordination Centre for becoming part of the Cybersecurity Competence Community.

(h)  assessing requests by entities and individuals established in the same Member State as the Coordination Centre for becoming part of the Cybersecurity Competence Community;

Amendment    73

Proposal for a regulation

Article 7 – paragraph 1 – point h a (new)

Text proposed by the Commission

Amendment

 

(h a)  promoting awareness campaigns, in particular for SMEs and together with the Competence Centre provide the necessary cybersecurity skills and solutions.

Amendment    74

Proposal for a regulation

Article 8 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Cybersecurity Competence Community shall contribute to the mission of the Competence Centre as laid down in Article 3 and enhance and disseminate cybersecurity expertise across the Union.

1.  The Cybersecurity Competence Community shall contribute to the mission of the Competence Centre as laid down in Article 3 and enhance and disseminate cybersecurity expertise across the Union and provide technical expertise.

Amendment    75

Proposal for a regulation

Article 8 – paragraph 2

Text proposed by the Commission

Amendment

2.  The Cybersecurity Competence Community shall consist of industry, academic and non-profit research organisations, and associations as well as public entities and other entities dealing with operational and technical matters. It shall bring together the main stakeholders with regard to cybersecurity technological and industrial capacities in the Union. It shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise..

2.  The Cybersecurity Competence Community shall consist of civil society, industry, including SMEs, the European Standardisation Organisations, associations of users, academic and non-profit research organisations, and associations operating at national or at European level, as well as public entities and other entities or individuals dealing with operational and technical matters. It shall bring together the main stakeholders with regard to cybersecurity technological and industrial, societal, academic and research capacities and capabilities in the Union. It shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise.

Amendment    76

Proposal for a regulation

Article 8 – paragraph 3 a (new)

Text proposed by the Commission

Amendment

 

3 a.  All infrastructures, facilities, assets and resources funded under the Competence Centre shall be located on the territory of the Member States.

Amendment    77

Proposal for a regulation

Article 8 – paragraph 4

Text proposed by the Commission

Amendment

4.  The Competence Centre shall accredit entities established under national law as members of the Cybersecurity Competence Community after an assessment made by the National Coordination Centre of the Member State where the entity is established, on whether that entity meets the criteria provided for in paragraph 3. An accreditation shall not be limited in time but may be revoked by the Competence Centre at any time if it or the relevant National Coordination Centre considers that the entity does not fulfil the criteria set out in paragraph 3 or it falls under the relevant provisions set out in Article 136 of Regulation XXX [new financial regulation].

4.  The Competence Centre shall accredit entities within the meaning of paragraph 3 as members of the Cybersecurity Competence Community after an assessment made by the National Coordination Centre of the Member State where the entity is established, on whether that entity meets the criteria provided for in paragraph 3. An accreditation shall not be limited in time but may be revoked by the Competence Centre at any time if it or the relevant National Coordination Centre considers that the entity does not fulfil the criteria set out in paragraph 3 or it falls under the relevant provisions set out in Article 136 of Regulation XXX [new financial regulation].

Amendment    78

Proposal for a regulation

Article 8 – paragraph 4 a (new)

Text proposed by the Commission

Amendment

 

4 a.  National Coordination Centres of the Member States shall aim to achieve a balanced representation of stakeholders in the Community, including SMEs, and shall actively stimulate participation from under-represented stakeholder categories.

Amendment    79

Proposal for a regulation

Article 8 – paragraph 4 b (new)

Text proposed by the Commission

Amendment

 

4 b.  The Commission is empowered to adopt delegated acts in accordance with Article -45, in order to further specify the criteria provided for in paragraph 3 of this Article and the procedures for assessing and accrediting entities that meet those criteria.

Amendment    80

Proposal for a regulation

Article 9 – paragraph 1 – point 5 a (new)

Text proposed by the Commission

Amendment

 

(5 a)  encourage Community members that are manufacturers and service providers to certify their products and services under certification schemes adopted under the Cybersecurity Act.

Amendment    81

Proposal for a regulation

Article 10 – paragraph 2

Text proposed by the Commission

Amendment

2.  Such cooperation shall take place within the framework of working arrangements. Those arrangements shall be submitted to the prior approval of the Commission.

2.  Such cooperation shall take place within the framework of working arrangements agreed between the Competence Centre and the respective Union institution, body, office or agency. Those arrangements shall be adopted by the Governing Board after prior approval of the Commission.

Amendment    82

Proposal for a regulation

Article 12 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Governing Board shall be composed of one representative of each Member State, and five representatives of the Commission, on behalf of the Union.

1.  The Governing Board shall be composed of one representative of each Member State and five representatives of the Commission, on behalf of the Union. The Governing Board shall also include one member designated by the European Parliament, with no voting rights.

Amendment    83

Proposal for a regulation

Article 12 – paragraph 3

Text proposed by the Commission

Amendment

3.  Members of the Governing Board and their alternates shall be appointed in light of their knowledge in the field of technology as well as of relevant managerial, administrative and budgetary skills. The Commission and the Member States shall make efforts to limit the turnover of their representatives in the Governing Board, in order to ensure continuity of the Board’s work. The Commission and the Member States shall aim to achieve a balanced representation between men and women on the Governing Board.

3.  Members of the Governing Board and their alternates shall be appointed in light of their knowledge in the field of cybersecurity technology or research as well as of relevant managerial, administrative and budgetary skills. The Commission and the Member States shall make efforts to limit the turnover of their representatives in the Governing Board, in order to ensure continuity of the Board’s work. The Commission and the Member States shall ensure a balanced representation between men and women on the Governing Board.

Amendment    84

Proposal for a regulation

Article 12 – paragraph 6

Text proposed by the Commission

Amendment

6.  The Commission may invite observers, including representatives of relevant Union bodies, offices and agencies, to take part in the meetings of the Governing Board as appropriate.

6.  The Governing Board may invite observers, including representatives of the Industrial and Scientific Advisory Board and other relevant Union bodies, offices and agencies, to take part in the meetings of the Governing Board as appropriate, to ensure expertise is brought in and to build stronger links with industry and research communities.

Amendment    85

Proposal for a regulation

Article 12 – paragraph 7 a (new)

Text proposed by the Commission

Amendment

 

7 a.  The Chair of the Industrial and Scientific Advisory Board may attend meetings of the Governing Board, as an observer with no voting rights, where such meetings concern its tasks, as set out in Article 20.

Amendment    86

Proposal for a regulation

Article 16 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Executive Director shall be a person with expertise and high reputation in the areas where the Competence Centre operates.

1.  The Executive Director shall be a person with in-depth knowledge and professional expertise in the areas where the Competence Centre operates.

Amendment    87

Proposal for a regulation

Article 16 – paragraph 3

Text proposed by the Commission

Amendment

3.  The Executive Director shall be appointed by the Governing Board from a list of candidates proposed by the Commission, following an open and transparent selection procedure.

3.  The Executive Director shall be appointed by the Governing Board from a list of candidates proposed by the Commission, following an open, transparent and non-discriminatory selection procedure, while respecting gender equality.

Amendment    88

Proposal for a regulation

Article 16 – paragraph 5

Text proposed by the Commission

Amendment

5.  The term of office of the Executive Director shall be four years. By the end of that period, the Commission shall carry out an assessment which takes into account the evaluation of the performance of the Executive Director and the Competence Centre’s future tasks and challenges.

5.  The term of office of the Executive Director shall be five years. By the end of that period, the Commission shall carry out an assessment which takes into account the evaluation of the performance of the Executive Director and the Competence Centre’s future tasks and challenges.

Amendment    89

Proposal for a regulation

Article 16 – paragraph 6

Text proposed by the Commission

Amendment

6.  The Governing Board may, acting on a proposal from the Commission which takes into account the assessment referred to in paragraph 5, extend once the term of office of the Executive Director for no more than four years.

6.  The Governing Board may, acting on a proposal from the Commission which takes into account the assessment referred to in paragraph 5, extend once the term of office of the Executive Director for no more than five years.

Amendment    90

Proposal for a regulation

Article 17 – paragraph 2 – point h

Text proposed by the Commission

Amendment

(h)  prepare an action plan following-up on the conclusions of the retrospective evaluations and reporting on progress every two years to the Commission

(h)  prepare an action plan following-up on the conclusions of the retrospective evaluations and reporting on progress every two years to the European Parliament and to the Commission;

Amendment    91

Proposal for a regulation

Article 17 – paragraph 2 – point s

Text proposed by the Commission

Amendment

(s)  prepare an action plan following-up conclusions of internal or external audit reports, as well as investigations by the European Anti-Fraud Office (OLAF) and reporting on progress twice a year to the Commission and regularly to the Governing Board;

(s)  prepare an action plan following-up conclusions of internal or external audit reports, as well as investigations by the European Anti-Fraud Office (OLAF) and reporting on progress twice a year to the European Parliament and the Commission and regularly to the Governing Board;

Amendment    92

Proposal for a regulation

Article 18 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Industrial and Scientific Advisory Board shall consist of no more than 16 members. The members shall be appointed by the Governing Board from among the representatives of the entities of the Cybersecurity Competence Community.

1.  The Industrial and Scientific Advisory Board shall consist of no more than 25 members. The members shall be appointed by the Governing Board by means of an open, transparent and non-discriminatory procedure from among the representatives of the entities of the Cybersecurity Competence Community.

Amendment    93

Proposal for a regulation

Article 18 – paragraph 1 a (new)

Text proposed by the Commission

Amendment

 

1 a.  The membership of the Industrial and Scientific Advisory Board shall be balanced, and shall include appropriate representation of industry, particularly SMEs, the academic community, and civil society including consumer organisations.

Amendment    94

Proposal for a regulation

Article 18 – paragraph 2

Text proposed by the Commission

Amendment

2.  Members of the Industrial and Scientific Advisory Board shall have expertise either with regard to cybersecurity research, industrial development, professional services or the deployment thereof. The requirements for such expertise shall be further specified by the Governing Board.

2.  Members of the Industrial and Scientific Advisory Board shall have cybersecurity expertise with regard to at least one of the following domains:

 

(a)  research;

 

(b)  industrial development;

 

(c)  training and education.

Amendment    95

Proposal for a regulation

Article 18 – paragraph 4

Text proposed by the Commission

Amendment

4.  The term of office of members of the Industrial and Scientific Advisory Board shall be three years. That term shall be renewable.

4.  The term of office of members of the Industrial and Scientific Advisory Board shall be four years. That term shall be renewable.

Amendment    96

Proposal for a regulation

Article 18 – paragraph 5

Text proposed by the Commission

Amendment

5.  Representatives of the Commission and of the European Network and Information Security Agency may participate in and support the works of the Industrial and Scientific Advisory Board.

5.  Representatives of the Commission and of the European Network and Information Security Agency shall participate in and support the works of the Industrial and Scientific Advisory Board.

Amendment    97

Proposal for a regulation

Article 19 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Industrial and Scientific Advisory Board shall meet at least twice a year.

1.  The Industrial and Scientific Advisory Board shall meet at least three times a year.

Amendment    98

Proposal for a regulation

Article 20 – paragraph 1 – point 1 a (new)

Text proposed by the Commission

Amendment

 

(1 a)  advise the Governing Board on the establishment of working groups, under the overall coordination of one or more members of the Industrial and Scientific Advisory Board, on specific issues relevant to the work of the Competence Centre, and shall nominate participants;

Amendment    99

Proposal for a regulation

Article 20 – paragraph 1 – point 1 b (new)

Text proposed by the Commission

Amendment

 

(1 b)  provide the Executive Director and the Governing Board with a draft medium-to-long-term agenda on cybersecurity technology;

Amendment    100

Proposal for a regulation

Article 20 – paragraph 1 – point 3 a (new)

Text proposed by the Commission

Amendment

 

(3 a)  foster cooperation by building upon previous and current EU multi-stakeholders initiatives in the field of cybersecurity.

Amendment    101

Proposal for a regulation

Article 21 – paragraph 1 – point b a (new)

Text proposed by the Commission

Amendment

 

(b a)  An amount from the European Defence Fund for actions and administrative costs related to defence.

Amendment    102

Proposal for a regulation

Article 21 – paragraph 4

Text proposed by the Commission

Amendment

4.  The Union financial contribution shall not cover the tasks referred to in Article 4(8)(b)

4.  The European Defence Fund shall cover the tasks referred to in Article 4(8)(b).

Amendment    103

Proposal for a regulation

Article 22 – paragraph 4

Text proposed by the Commission

Amendment

4.  The Commission may terminate, proportionally reduce or suspend the Union’s financial contribution to the Competence Centre if the participating Member States do not contribute, contribute only partially or contribute late with regard to the contributions referred to in paragraph 1.

deleted

Amendment    104

Proposal for a regulation

Article 23 – paragraph 8 a (new)

Text proposed by the Commission

Amendment

 

8 a.  The Competence Centre shall cooperate closely with other Union institutions, agencies, in particular ENISA and other relevant bodies;

Amendment    105

Proposal for a regulation

Article 35 – paragraph 2

Text proposed by the Commission

Amendment

2.  The Competence Centre shall ensure that the public and any interested parties are given appropriate, objective, reliable and easily accessible information, in particular with regard to the results of its work. It shall also make public the declarations of interest made in accordance with Article 41.

2.  The Competence Centre shall ensure that the public and any interested parties are provided with comprehensive, objective, reliable and easily accessible information, in particular with regard to the results of the work of the Competence Centre, the Network, the Industry and Scientific Advisory Board and the Community. It shall also make public the declarations of interest made in accordance with Article 42.

Justification

"Article 41" reference corrected to Article 42 as discussed with the Commission.

Amendment    106

Proposal for a regulation

Article 35 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2 a.  The Competence Centre shall provide the public and any interested parties with a list of the Cybersecurity Competence Community members and shall make public the declarations of interest made by them in accordance with Article 42.

Amendment    107

Proposal for a regulation

Article 38 – paragraph 3

Text proposed by the Commission

Amendment

3.  The evaluation referred to in paragraph 2 shall include an assessment of the results achieved by the Competence Centre, having regard to its objectives, mandate and tasks. If the Commission considers that the continuation of the Competence Centre is justified with regard to its assigned objectives, mandate and tasks, it may propose that the duration of the mandate of the Competence Centre set out in Article 46 be extended.

3.  The evaluation referred to in paragraph 2 shall include an assessment of the results achieved by the Competence Centre, having regard to its objectives, mandate and tasks, as well as an assessment of the effectiveness and efficiency of the Competence Centre in achieving those results. If the Commission considers that the continuation of the Competence Centre is justified with regard to its assigned objectives, mandate and tasks, it may propose that the duration of the mandate of the Competence Centre set out in Article 46 be extended.

Amendment    108

Proposal for a regulation

Article 42 – paragraph 1

Text proposed by the Commission

Amendment

The Competence Centre Governing Board shall adopt rules for the prevention and management of conflicts of interest in respect of its members, bodies and staff. Those rules shall contain the provisions intended to avoid a conflict of interest in respect of the representatives of the members serving in the Governing Board as well as the Scientific and Industrial Advisory Board in accordance with Regulation XXX [new Financial Regulation].

The Competence Centre Governing Board shall adopt rules for the prevention and management of conflicts of interest in respect of its members, bodies and staff, including the Executive Director. Those rules shall contain the provisions intended to avoid a conflict of interest in respect of the representatives of the members serving in the Governing Board as well as the Scientific and Industrial Advisory Board in accordance with Regulation XXX [new Financial Regulation].

Amendment    109

Proposal for a regulation

Article 42 – paragraph 1 a (new)

Text proposed by the Commission

Amendment

 

Member States shall ensure the prevention, identification, and resolution of conflicts of interest in respect of the National Coordination Centres.

Amendment    110

Proposal for a regulation

Article 44 – paragraph -1 (new)

Text proposed by the Commission

Amendment

 

-1.  The host Member State shall provide the best possible conditions to ensure the proper functioning of the Competence Centre, including a single location, the accessibility of the location, the existence of adequate education facilities for the children of staff members, appropriate access to the labour market, social security and medical care for both children and partners.

Amendment    111

Proposal for a regulation

Article 44 – paragraph 1

Text proposed by the Commission

Amendment

An administrative agreement may be concluded between the Competence Centre and the Member State [Belgium] in which its seat is located concerning privileges and immunities and other support to be provided by that Member State to the Competence Centre.

An administrative agreement shall be concluded between the Competence Centre and the Member State [Belgium] in which its seat is located concerning privileges and immunities and other support to be provided by that Member State to the Competence Centre.

Amendment    112

Proposal for a regulation

Article 44 a (new)

Text proposed by the Commission

Amendment

 

Article 44 a

 

Exercise of the delegation

 

1.  The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

 

2.  The power to adopt delegated acts referred to in Articles 6(5a) and 8(4b) shall be conferred on the Commission for an indeterminate period of time from [date of entry into force of this Regulation].

 

3.  The delegation of power referred to in Articles 6(5a) and 8(4b) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

 

4.  Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.

 

5.  As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

 

6.  A delegated act adopted pursuant to Articles 6(5a) and 8(4b) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.

(This Article is part of Chapter VII)

PROCEDURE – COMMITTEE ASKED FOR OPINION

Title

Establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres

References

COM(2018)0630 – C8-0404/2018 – 2018/0328(COD)

Committee responsible

       Date announced in plenary

ITRE

1.10.2018

 

 

 

Opinion by

       Date announced in plenary

IMCO

1.10.2018

Rapporteur

       Date appointed

Arndt Kohn

24.9.2018

Discussed in committee

6.12.2018

21.1.2019

 

 

Date adopted

29.1.2019

 

 

 

Result of final vote

+:

–:

0:

31

2

0

Members present for the final vote

Pascal Arimont, Carlos Coelho, Sergio Gaetano Cofferati, Anna Maria Corazza Bildt, Daniel Dalton, Nicola Danti, Pascal Durand, Evelyne Gebhardt, Maria Grapini, Liisa Jaakonsaari, Philippe Juvin, Nosheena Mobarik, Jiří Pospíšil, Marcus Pretzell, Virginie Rozière, Christel Schaldemose, Andreas Schwab, Olga Sehnalová, Jasenko Selimovic, Igor Šoltes, Ivan Štefanec, Róża Gräfin von Thun und Hohenstein, Mihai Ţurcanu, Anneleen Van Bossuyt, Marco Zullo

Substitutes present for the final vote

Biljana Borzan, Nadja Hirsch, Arndt Kohn, Adam Szejnfeld, Marc Tarabella, Matthijs van Miltenburg, Lambert van Nistelrooij

Substitutes under Rule 200(2) present for the final vote

John Stuart Agnew

VOTE FINAL PAR APPEL NOMINALEN COMMISSION SAISIE POUR AVIS

31

+

ALDE

Nadja Hirsch, Matthijs van Miltenburg, Jasenko Selimovic

ECR

Daniel Dalton, Nosheena Mobarik, Anneleen Van Bossuyt

EFDD

Marco Zullo

PPE

Pascal Arimont, Carlos Coelho, Anna Maria Corazza Bildt, Philippe Juvin, Lambert van Nistelrooij, Jiří Pospíšil, Andreas Schwab, Ivan Štefanec, Adam Szejnfeld, Róża Gräfin von Thun und Hohenstein, Mihai Ţurcanu

S&D

Biljana Borzan, Sergio Gaetano Cofferati, Nicola Danti, Evelyne Gebhardt, Maria Grapini, Liisa Jaakonsaari, Arndt Kohn, Virginie Rozière, Christel Schaldemose, Olga Sehnalová, Marc Tarabella

VERTS/ALE

Pascal Durand, Igor Šoltes

2

-

ENF

John Stuart Agnew, Marcus Pretzell

0

0

 

 

Légende des signes utilisés:

+  :  pour

-  :  contre

0  :  abstention


PROCEDURE – COMMITTEE RESPONSIBLE

Title

Establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres

References

COM(2018)0630 – C8-0404/2018 – 2018/0328(COD)

Date submitted to Parliament

12.9.2018

 

 

 

Committee responsible

       Date announced in plenary

ITRE

1.10.2018

 

 

 

Committees asked for opinions

       Date announced in plenary

BUDG

1.10.2018

IMCO

1.10.2018

 

 

Not delivering opinions

       Date of decision

BUDG

9.10.2018

 

 

 

Rapporteurs

       Date appointed

Julia Reda

7.11.2018

 

 

 

Discussed in committee

14.1.2019

 

 

 

Date adopted

19.2.2019

 

 

 

Result of final vote

+:

–:

0:

49

2

6

Members present for the final vote

Zigmantas Balčytis, Bendt Bendtsen, Xabier Benito Ziluaga, Cristian-Silviu Buşoi, Reinhard Bütikofer, Jerzy Buzek, Angelo Ciocca, Jakop Dalunde, Pilar del Castillo Vera, Christian Ehler, Fredrick Federley, Ashley Fox, Adam Gierek, Theresa Griffin, András Gyürk, Hans-Olaf Henkel, Seán Kelly, Jeppe Kofod, Peter Kouroumbashev, Zdzisław Krasnodębski, Christelle Lechevalier, Janusz Lewandowski, Edouard Martin, Tilly Metz, Angelika Mlinar, Csaba Molnár, Dan Nica, Angelika Niebler, Morten Helveg Petersen, Miroslav Poche, Carolina Punset, Julia Reda, Paul Rübig, Massimiliano Salini, Algirdas Saudargas, Neoklis Sylikiotis, Evžen Tošenovský, Kathleen Van Brempt, Martina Werner, Lieve Wierinck, Hermann Winkler, Anna Záborská, Flavio Zanonato, Carlos Zorrinho

Substitutes present for the final vote

Pilar Ayuso, Michał Boni, Rosa D’Amato, Benedek Jávor, Olle Ludvigsson, Marian-Jean Marinescu, Clare Moody, Markus Pieper, Dominique Riquet, Anneleen Van Bossuyt

Substitutes under Rule 200(2) present for the final vote

Eleonora Evi, Christelle Lechevalier, Aleksejs Loskutovs, Luigi Morgano

Date tabled

22.2.2019


FINAL VOTE BY ROLL CALL IN COMMITTEE RESPONSIBLE

49

+

ALDE

Fredrick Federley, Angelika Mlinar, Morten Helveg Petersen, Carolina Punset, Dominique Riquet, Lieve Wierinck

EFDD

Rosa D'Amato, Eleonora Evi

ENF

Christelle Lechevalier

PPE

Pilar Ayuso, Bendt Bendtsen, Michał Boni, Cristian-Silviu Buşoi, Jerzy Buzek, Pilar del Castillo Vera, Christian Ehler, András Gyürk, Seán Kelly, Janusz Lewandowski, Aleksejs Loskutovs, Marian-Jean Marinescu, Angelika Niebler, Markus Pieper, Paul Rübig, Massimiliano Salini, Algirdas Saudargas, Hermann Winkler, Anna Záborská

S&D

Zigmantas Balčytis, Adam Gierek, Theresa Griffin, Jeppe Kofod, Peter Kouroumbashev, Olle Ludvigsson, Edouard Martin, Csaba Molnár, Clare Moody, Luigi Morgano, Dan Nica, Miroslav Poche, Kathleen Van Brempt, Martina Werner, Flavio Zanonato, Carlos Zorrinho

VERTS/ALE

Reinhard Bütikofer, Jakop Dalunde, Benedek Jávor, Tilly Metz, Julia Reda

2

-

GUE/NGL

Xabier Benito Ziluaga, Neoklis Sylikiotis

6

0

ECR

Ashley Fox, Hans-Olaf Henkel, Zdzisław Krasnodębski, Evžen Tošenovský, Anneleen Van Bossuyt

ENF

Angelo Ciocca

Key to symbols:

+  :  in favour

-  :  against

0  :  abstention

Last updated: 7 March 2019Legal notice