EU to create a common cybersecurity certification framework and beef up its agency
Council conclusions on the third progress report on the implementation of the common set of proposals endorsed by the EU and NATO Councils on 6 December 2016 and 5 December 2017
The EU is to enhance its cyber resilience by setting up an EU-wide certification framework for information and communication technology (ICT) products, services and processes. The industry could use the new mechanism to certify products such as connected cars and smart medical devices. The Council has agreed its general approach on the proposal, known as the Cybersecurity Act. The proposal will also upgrade the current European Union Agency for Network and Information Security (ENISA) into a permanent EU agency for cybersecurity.
We all want our devices to be secure. This new certification framework will increase trust and confidence in innovative digital solutions.
Ivaylo Moskovski, Bulgarian Minister for Transport, Information Technology and Communications.
Common cybersecurity certification
The draft regulation creates a mechanism for setting up European cybersecurity certification schemes for specific ICT processes, products, and services. Certificates issued under the schemes will be valid in all EU countries, making it easier for users to gain confidence in the security of these technologies, and for companies to carry out their business across borders.
Certification will be voluntary unless otherwise specified in EU law or member states' law.
Features covered would include for instance resilience to accidental or malicious data loss or alteration.
There will be three different assurance levels: basic, substantial or high. For the basic level, it will be possible for manufacturers or service providers to carry out the conformity assessment themselves.
EU agency for cybersecurity
The new rules will grant ENISA a permanent mandate and clarify its role as the EU agency for cybersecurity. ENISA will be given new tasks in supporting member states, EU institutions and other stakeholders on cyber issues. It will organise regular EU-level cybersecurity exercises, and support and promote EU policy on cybersecurity certification. The first EU legal act on cybersecurity, the network and information security (NIS) directive from 2016, had already given ENISA a key role in supporting the implementation of the directive.
A national liaison officers network will be part of the mandate facilitating information sharing between ENISA and the member states.
How will the text become law?
The text agreed is the Council's position for negotiations with the European Parliament. Both the Council and the Parliament have to agree on the final text before it can enter into force.
- Cybersecurity Act – Council general approach
- Reform of cyber security in Europe (background information)
- Digital single market for Europe (background information)
Latest News from
State aid: Commission approves modifications to Polish scheme, including €5.1 billion budget increase, to support companies in context of Russia's invasion of Ukraine12/08/2022 13:25:00
The European Commission has approved modifications, including a budget increase of €5.1 billion (PLN 24.5 billion), to an existing Polish scheme to support companies across sectors in the context of Russia's invasion of Ukraine.
Ukraine: the EU has coordinated the delivery of more than 60,000 tonnes of life-saving assistance12/08/2022 12:25:00
As of yesterday, the EU has coordinated the delivery of 66,224 tonnes of in-kind assistance to Ukraine from 30 countries via the EU Civil Protection Mechanism.
State aid: Commission finds no aid given to Greek industrial parks manager ETVA VIPE12/08/2022 10:25:00
The European Commission has concluded that certain public measures in favour of industrial park manager ETVA Industrial Areas SA (‘ETVA VIPE') do not constitute State aid within the meaning of EU rules.
Collé receives EU financing for further electrification of rental machinery12/08/2022 09:25:00
Collé Rental & Sales has signed a €50 million loan agreement with the European Investment Bank (EIB).
Antitrust: Commission seeks feedback on performance of exemption for liner shipping consortia11/08/2022 15:25:00
The European Commission recently (09 August 2022) launched a call for evidence inviting feedback on the performance of the EU legal framework which exempts liner shipping consortia from EU antitrust rules (Consortia Block Exemption Regulation or ‘CBER').
COVID-19 vaccines: Commission and Moderna adapt delivery schedules for late summer and winter11/08/2022 14:10:00
The European Commission and Moderna have reached an agreement to better address Member States needs for COVID-19 vaccines for the late summer and winter period.
State aid: Commission clears financing of Post Danmark's universal service obligation11/08/2022 13:25:00
The European Commission has approved, under EU State aid rules, Denmark's compensation to Post Danmark for its universal postal service obligation in 2020.
Palestine: EU announces €261 million in support of UNRWA's operations11/08/2022 12:25:00
The European Union recently (09 August 2022) confirmed its role as a long-standing, predictable and reliable partner of the United Nations Relief and Works Agency for Palestine Refugees in the Near East (UNRWA) and one of its largest donors.
EU Cohesion Policy: €76 million for a just climate transition in Austria11/08/2022 11:20:00
The Commission has adopted the Territorial Just Transition Plans (TJTP) for Austria together with the first funding under the Just Transition Fund (JTF) worth €76 million.