On 13 September 2017, the Commission issued a proposal for a Regulation to strengthen the role of the EU Agency for Network and Information Security (“ENISA”) by:

  • granting it a permanent mandate;
  • clarifying its role as the information hub of the EU for cybersecurity; and
  • tasking it with the responsibility of proactively contributing to policy in the area of network and information security.

The proposal also introduces EU-wide cybersecurity certification schemes for ICT products and services, which will be prepared by ENISA.  This aims to address current market fragmentation and provide a comprehensive set of cybersecurity rules, technical requirements, standards and procedures.

As part of the EU’s Cybersecurity Strategy, the EU Directive on Security of Network and Information Systems (“NIS Directive”) was adopted in March this year.  A link to our previous blog post on this is available here.  Under the NIS Directive, ENISA was given the role of secretariat to the Computer Security Incident Response Teams, known as the CSIRTs Network.  In addition, the NIS Directive requires ENISA to assist Member States and the Commission by providing expertise and advice and by facilitating the exchange of best practices across the EU.