PAe - European regulation on cybersecurity published
European regulation on cybersecurity published

10 June 2019

On 7 June, Regulation 2019/881 of the European Parliament and of the Council on ENISA (the European Union Agency for Cybersecurity) and on the cybersecurity certification of information and communication technologies, repealing Regulation 526/2013 (the Regulation on cybersecurity), was published in the Official Journal of the European Union (DOUE).

The Regulation on cybersecurity establishes, on the one hand, the objectives, tasks and organizational aspects relating to ENISA (the European Union Agency for Cybersecurity) and, on the other hand, a framework for the creation of European cybersecurity certification schemes, in order to ensure an adequate level of security of ICT products, services and processes in the EU and to avoid fragmentation of the internal market in the field of cybersecurity certification. It will come into force on 27 June 2019.

First, it develops the aspects of ENISA that would help to reduce the fragmentation of the internal market, with the agency acting as a point of reference for advice and expertise on cybersecurity in the EU. The regulation sets out ENISA's objectives, tasks, projections, budget and personnel, and other general provisions, such as its legal status.

The tasks of ENISA include: contributing to the development and implementation of Union policy and law; seeing to the creation of cybersecurity capacities; supporting cooperation between Member States, the institutions, bodies and agencies of the Union, and the parties concerned (CERT-EU, CSIRT network, cybersecurity exercises, reports on the situation of cyber-cooperative response); the market, cybersecurity certification and standardization; knowledge and information; awareness raising and education; research and innovation; and international cooperation.

The second major issue addressed in the regulation is the creation of the European cybersecurity certification framework, which pursues a harmonized approach to European cybersecurity certification schemes in the EU, with the aim of creating a digital single market for ICT products, services and processes.

This European cybersecurity certification framework defines a mechanism for establishing European cybersecurity certification schemes and for confirming that the ICT products, services and processes evaluated under these schemes meet specified security requirements. Those requirements aim to protect the availability, authenticity, integrity and confidentiality of data stored, transmitted or processed, and of the functions or services offered by, or accessible through, these products, services and processes throughout their life cycle.

The Commission issued a rolling work programme for European cybersecurity certification schemes that will define strategic priorities for future schemes. It will include a list of ICT products, services and processes, or categories thereof, that could benefit from inclusion within the scope of a European cybersecurity certification scheme.

The regulation also establishes the rules of procedure and the conditions for the application, preparation, adoption and revision of European cybersecurity certification schemes, as well as their objectives, elements, assurance levels and dissemination. It also sets out provisions on cybersecurity certification; national cybersecurity certification schemes and certificates; the national cybersecurity certification authorities; the conformity assessment bodies; and a European Cybersecurity Certification Group.
