Proposal for a regulation establishing the European Cybersecurity Industrial, Technology and Research Competence Centre

In “A Europe Fit for the Digital Age”

PDF version

For a brief overview of the key points of the adopted text and its significance for the citizen, please see the corresponding summary note.

On 13 September 2017, the Commission adopted a cybersecurity package (see related wagon). The package presents a number of actions to improve and strengthen EU's cybersecurity capacity, including the proposal for the creation of a cybersecurity competence network with a European Cybersecurity Research and Competence Centre at its heart.

On 12 September 2018, the Commission presented a proposal for a Regulation establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres. The initiative aims to stimulate the European cybersecurity technological and industrial ecosystem to coordinate and pool relevant resources in the EU. It builds from the contractual Public Private Partnership on cybersecurity created in 2016. The initiative will be supported by the future Digital Europe and Horizon Europe programmes, foreseen in the next multiannual financial framework 2021-2026. The Competence Centre will be funded jointly by member states and the EU: The Union's contribution proposed amounts to nearly 2 billion Euro coming from the Digital Europe Programme, which will be complemented with an additional 2.8 billion coming from the Horizon Europe programme.

In its conclusions of 20 November 2017, the Council welcomed the intention to set up a Cybersecurity competence network to support the development and deployment of cybersecurity technologies. It asked for ensuring complementarity and avoiding duplication within the Network of Cybersecurity Competence Centres and with other EU agencies.

In its conclusion of 14 December 2017, the European Council asked the Commission, the Council and the Member States to examine possible measures addressing the skills challenges linked to digitalisation.

Within the European Parliament the file has been assigned to the Industry committee (ITRE) rapporteur Julia Reda (Greens-EFA, Germany). The draft report was published on 7 December 2018. The Internal Market and Consumer Protection (IMCO) committee will provide an opinion. The Budget Committee (BUDG) decided not to give an opinion.The report was adopted in the 19 February 2019 ITRE committee meeting and approved by Parliament during the March I 2019 plenary. Trilogue negotiations started already in March 2019, however given the short timeframe they had to be suspended as no agreement was reached. Since then Parliament has confirmed its position in first reading during the April II plenary and the file has been left for the next Legislative Term. On Wednesday 25 September, MEPs from the Committee on Industry, Research and Energy (ITRE) confirmed the negotiating mandate from the former term. Since then during the last Strasbourg Plenary session on 21 October 2019, it was decided that this file is among those considered unfinished business to be carried over to the next term.

After the European elections (May 2019), Rasmus Andresen (Greens-EFA, Germany) was appointed as new rapporteur.

On 3 December 2019, the Council met to talk about its position on this file.

Cybersecurity remains a priority area for further action in the years to come under the new political guidelines for the new European Commission 2019-2024.

At the Council, a new mandate for negotiations with the European Parliament was agreed by Coreper on 3 June 2020.

A third trilogue took place on 25 June 2020 - more than a year after the last trilogue in March 2019.

During the Industry committee meeting on 6 July 2020 the rapporteur gave details of the latest trilogue meeting negotiations with the Council and explained some of the main issues at stake: the EU role in developing cybersecurity in the competence center remains to be clarified. Parliament would like the competence center mandate to broaden: apart from distributing funds to participants from the Digital Europe Programme and Horizon Europe programme it also should actively develop and support open source and standardisation. Parliament is also in favour of adding the civil society and businesses organisations to the structure of the advisory board of the competence center. Other remaining issues such as the decision on the voting rights and the seat of the center are also still to be decided later on.

On 19 October 2020, the regulation was included in the Commission Work Programme 2021 (Annex III) as one of the priority pending proposals.

On 28 October 2020, the fourth trilogue took place. The rapporteur debriefed the ITRE meeting on 12 November 2020.

Meanwhile the procedure for the selection of the seat of the centre was launched at the Council on 28 October 2020, Bucharest, Romania was selected by representatives of the governments of the EU member states as the seat of the new European Cybersecurity Industrial, Technology and Research Competence Centre.

On 11 December 2020, during the fifth trilogue meeting, the negotiators of the Council and the European Parliament reached a provisional agreement on a proposal to set up a European Cybersecurity Industrial, Technology and Research Competence Centre and a network of national coordination centres.

On 14 January 2021, the Industry committee voted in favour of the provisional agreement reached in trilogue with 69 votes in favour to 3 and 4 abstentions.

In its conclusion on the EU cybersecurity strategy from 22 March 2021 the European Council asked for the rapid set up and operationalisation of the European Cybersecurity Competence Centre in Bucharest and for a prompt adoption of its agenda to strengthen the EU strategic autonomy and support technological capacities and skills development for the industry and academic communities, including SMEs and research centres.

The Council approved the legislation creating the Centre and the network on 20 April 2021 in first reading. The ITRE committee adopted the draft recommendation for second reading on 26 April 2021 with 64 votes in favour, 1 abstention and 10 against it. The European Parliament adopted the text during the 19th May 2021 plenary session.



Further reading:

Author: Maria del Mar Negreiro Achiaga, Members' Research Service, 

As of 15/12/2022.