ENISA and a new cybersecurity act

26-02-2019

In September 2017, the Commission adopted a cybersecurity package with new initiatives to further improve EU cyber-resilience, deterrence and defence. As part of these, the Commission tabled a legislative proposal to strengthen the EU Agency for Network Information Security (ENISA). Following the adoption of the Network Information Security Directive in 2016, ENISA is expected to play a broader role in the EU’s cybersecurity landscape but is constrained by its current mandate and resources. The Commission presented an ambitious reform proposal, including a permanent mandate for the agency, to ensure that ENISA can not only provide expert advice, as has been the case until now, but can also perform operational tasks. The proposal also envisages the creation of the first voluntary EU cybersecurity certification framework for ICT products, where ENISA will also play an important role. Within the European Parliament, the Industry, Research and Energy Committee adopted its report on the proposal in July. A agreement was reached with the Council during the fifth trilogue meeting, on 10 December 2018, and this was approved by ITRE committee on 14 January. The vote in plenary on this text is scheduled in March 2019. Third edition. The ‘EU Legislation in Progress’ briefings are updated at key stages throughout the legislative procedure. Please note this document has been designed for on-line viewing.

In September 2017, the Commission adopted a cybersecurity package with new initiatives to further improve EU cyber-resilience, deterrence and defence. As part of these, the Commission tabled a legislative proposal to strengthen the EU Agency for Network Information Security (ENISA). Following the adoption of the Network Information Security Directive in 2016, ENISA is expected to play a broader role in the EU’s cybersecurity landscape but is constrained by its current mandate and resources. The Commission presented an ambitious reform proposal, including a permanent mandate for the agency, to ensure that ENISA can not only provide expert advice, as has been the case until now, but can also perform operational tasks. The proposal also envisages the creation of the first voluntary EU cybersecurity certification framework for ICT products, where ENISA will also play an important role. Within the European Parliament, the Industry, Research and Energy Committee adopted its report on the proposal in July. A agreement was reached with the Council during the fifth trilogue meeting, on 10 December 2018, and this was approved by ITRE committee on 14 January. The vote in plenary on this text is scheduled in March 2019. Third edition. The ‘EU Legislation in Progress’ briefings are updated at key stages throughout the legislative procedure. Please note this document has been designed for on-line viewing.