Proposal for a regulation establishing the European cybersecurity industrial, technology and research competence centre
In “A Europe Fit for the Digital Age”
On 13 September 2017, the Commission adopted a cybersecurity package (see related wagon). The package presents a number of actions to improve and strengthen EU's cybersecurity capacity, including the proposal for the creation of a cybersecurity competence network with a European Cybersecurity Research and Competence Centre.
On 12 September 2018, the Commission presented a proposal for a Regulation establishing the European cybersecurity industrial, technology and research competence centre and the network of national coordination centres. The initiative aims to stimulate the European cybersecurity technological and industrial ecosystem to coordinate and pool relevant resources in the EU. It builds from the contractual public private partnership on cybersecurity created in 2016. The initiative will be supported by the future Digital Europe and Horizon Europe EU programmes. The competence centre will be funded jointly by Member States and the EU: The Union's contribution proposed amounts to nearly 2 billion euros coming from the Digital Europe programme, which will be complemented with an additional 2.8 billion euros coming from the Horizon Europe programme.
In its conclusions of 20 November 2017, the Council welcomed the intention to set up a cybersecurity competence network to support the development and deployment of cybersecurity technologies. It asked to ensure complementarity and avoid duplication within the network of cybersecurity competence centres and with other EU agencies.
In its conclusion of 14 December 2017, the European Council asked the Commission, the Council and the Member States to examine possible measures addressing the skills challenges linked to digitalisation.
Within the European Parliament the file has been assigned to the Committee on Industry, Research and Energy (ITRE) rapporteur Julia Reda (Greens-EFA, Germany). The draft report was published on 7 December 2018. The Committee on Internal Market and Consumer Protection (IMCO) provided an opinion. The Committee on Budgets (BUDG) decided not to give an opinion. The report was adopted on the 19 February 2019 at the ITRE committee meeting and approved by Parliament during the March I 2019 plenary. Trilogue negotiations started already in March 2019, however given the short timeframe they had to be suspended as no agreement was reached. Parliament confirmed its position in first reading during the April II 2019 plenary and the file was left for the next legislative term. After the European elections (May 2019), Rasmus Andresen (Greens-EFA, Germany) was appointed as new rapporteur.
On 3 December 2019, the Council met to talk about its position on this file.
Cybersecurity remains a priority area for further action in the years to come under the new political guidelines for the new European Commission 2019-2024.
At the Council, a new mandate for negotiations with the European Parliament was agreed by Coreper on 3 June 2020.
A third trilogue took place on 25 June 2020 - more than a year after the last trilogue in March 2019.
During the ITRE committee meeting on 6 July 2020 the rapporteur gave details of the latest trilogue meeting negotiations with the Council and explained some of the main issues at stake: the EU role in developing cybersecurity in the competence center remained to be clarified. Parliament wanted the competence center mandate to broaden: apart from distributing funds to participants from the Digital Europe programme and Horizon Europe programme it also should actively develop and support open source and standardisation. Parliament was also in favour of adding the civil society and businesses organisations to the structure of the advisory board of the competence center. Other remaining issues such as the decision on the voting rights and the seat of the center remained to be decided later on.
On 19 October 2020, the regulation was included in the Commission Work Programme 2021 (Annex III) as one of the priority pending proposals.
On 28 October 2020, the fourth trilogue took place. The rapporteur debriefed the ITRE meeting on 12 November 2020.
Meanwhile the procedure for the selection of the seat of the centre was launched at the Council. On 28 October 2020, Bucharest, Romania was selected as the seat of the new European cybersecurity industrial, technology and research competence centre.
On 11 December 2020, during the fifth trilogue meeting, the negotiators of the Council and the European Parliament reached a provisional agreement on a proposal to set up a European Cybersecurity Industrial, Technology and Research Competence Centre and a network of national coordination centres.
On 14 January 2021, the Industry committee voted in favour of the provisional agreement reached in trilogue with 69 votes in favour to 3 and 4 abstentions.
In its conclusion on the EU cybersecurity strategy from 22 March 2021 the European Council asked for the rapid set up and operationalisation of the European cybersecurity competence centre in Bucharest and for a prompt adoption of its agenda to strengthen the EU strategic autonomy and support technological capacities and skills development for the industry and academic communities, including SMEs and research centres.
The Council approved the legislation creating the centre and the network on 20 April 2021 in first reading. The ITRE committee adopted the draft recommendation for second reading on 26 April 2021 with 64 votes in favour, 1 abstention and 10 against it. The European Parliament adopted the text during the 19th May 2021 plenary session.
The cybersecurity competence centre opened its doors on 8 May 2023 in Bucharest, Romania.
References:
- EP Legislative Observatory, European Cybersecurity Industrial, Technology and Research Competence Centre and Network of National Coordination Centres, 2018/0328(COD)
- European Commission, Communication: 5G deployment in the EU-implementing the toolbox, COM(2020)50
- European Commission, Proposal for a Regulation establishing the European cybersecurity industrial, technology and research competence centre and the network of national coordination centres, COM(2018) 630
- European Council, Conclusions on the EU cybersecurity strategy, 22 March 2021
- European Council, Press release, New Cybersecurity Competence Centre and network: informal agreement with the European Parliament, 11 December 2020
Further reading:
- European Parliament, EPRS, The new European cybersecurity competence centre and network, Briefing, EU Legislation in Progress, May 2024
- European Parliament, EPRS, Establishing a cybersecurity competence centre and a network of national coordination centres, Briefing, Initial Appraisal of a European Commission Impact Assessment, February 2019
Author: Maria del Mar Negreiro Achiaga, Members' Research Service, legislative-train@europarl.europa.eu