The EU Cybersecurity Act enters into force

Cyber Policy -Brussels -27 June 2019

Another step forward to strengthen EU cybersecurity

Brussels - ECSO welcomes the entry into force of the European Cybersecurity Act which sets the new mandate of ENISA, the EU Agency for Cybersecurity, and establishes the European cybersecurity certification framework.

With this Act, ENISA, the EU Agency for Cybersecurity, will take on a permanent mandate including increased responsibilities and resources. In parallel, and as a first example of its kind, the European cybersecurity certification framework establishes the governance and rules for EU-wide certification of ICT products, processes and services.

Promptly after the establishment of the Public-Private Partnership on cybersecurity in 2016, ECSO was encouraged by the European Commission to contribute to the discussions and the preparatory work of a European cybersecurity certification framework. ECSO has been working on increasing the understanding of needs, requirements and challenges in terms of standardisation and certification. With the publication of its Meta-Scheme Approach and the State-of-the-Art(SOTA) Syllabus of certification schemes and standards, ECSO has ensured important steps towards structuring the public-private landscape, enhancing trust by defining transparent rules, and identifying relevant gaps to foster harmonisation in Europe.

"Our Public-Private Partnership is geared to help reduce the impact of cybersecurity attacks and improve the resilience of an increasingly digitalised society and industry. ECSO is an early supporter of the development and use of trusted European solutions across the European supply chain and the various sectors. With the Cybersecurity Act entering into force, Europe has armed itself with a full-fledge European Agency and a very first EU-wide certification framework, setting important building blocks to a stronger European approach on cybersecurity in terms of capacity building and competitiveness of the market" – Luigi Rebuffi, Secretary General of ECSO.

Today, ECSO continues to build and develop the European cybersecurity community and facilitates the public-private sectors dialogue around key topics, including guidelines and best practices for the assessment and evaluation of items to be certified and criteria to be considered for deciding the fit-for-purpose type of assessment (soon to be published), which supports the establishment of a harmonised definition of cybersecurity certification schemes.

ECSO currently works on user cases to showcase its Meta-Scheme Approach and collaborates with the European Commission’s Joint Research Centre (JRC) and other stakeholders to define common good practices and requirements. Recognising the importance of certification for developing a strong European cybersecurity market, ECSO has also signed a memorandums of understanding (MoUs) with the European Standard Organisations, CEN/CENELEC and ETSI, and is looking forward to a continued collaboration and dialogue with ENISA on supporting the implementation of the EU Cybersecurity Act.

Relevant documents:

The official text of the EU Cybersecurity Act

Background information

The EU Cyber Act at a glance

Questions & Answers

#EUCyberAct - #cybersecurity - #DSM - #ENISA