ENISA and a new cybersecurity act

06-09-2018

On 13 September 2017, the Commission adopted a cybersecurity package with new initiatives to further improve EU cyber resilience, deterrence and defence. As part of these, the Commission tabled a legislative proposal to strengthen the European Union Agency for Network Information Security (ENISA). Following the adoption of the Network Information Security Directive in 2016, ENISA is expected to play a broader role in the EU’s cybersecurity landscape but is constrained by its current mandate and resources. The Commission has presented an ambitious reform proposal, including a permanent mandate for the agency, to ensure that ENISA can not only provide expert advice, as has been the case until now, but can also perform operational tasks. The proposal also envisages the creation of the first voluntary EU cybersecurity certification framework for ICT products, where ENISA will also play an important role. Within the European Parliament, the Industry, Research and Energy Committee adopted its report on the proposal in July, together with the decision to start negotiations with the Council. The first trilogue meeting is provisionally scheduled for 13 September, once Parliament approves the mandate during the September plenary session. Second edition. The ‘EU Legislation in Progress’ briefings are updated at key stages throughout the legislative procedure.

On 13 September 2017, the Commission adopted a cybersecurity package with new initiatives to further improve EU cyber resilience, deterrence and defence. As part of these, the Commission tabled a legislative proposal to strengthen the European Union Agency for Network Information Security (ENISA). Following the adoption of the Network Information Security Directive in 2016, ENISA is expected to play a broader role in the EU’s cybersecurity landscape but is constrained by its current mandate and resources. The Commission has presented an ambitious reform proposal, including a permanent mandate for the agency, to ensure that ENISA can not only provide expert advice, as has been the case until now, but can also perform operational tasks. The proposal also envisages the creation of the first voluntary EU cybersecurity certification framework for ICT products, where ENISA will also play an important role. Within the European Parliament, the Industry, Research and Energy Committee adopted its report on the proposal in July, together with the decision to start negotiations with the Council. The first trilogue meeting is provisionally scheduled for 13 September, once Parliament approves the mandate during the September plenary session. Second edition. The ‘EU Legislation in Progress’ briefings are updated at key stages throughout the legislative procedure.