New Operation Rules for ENISA

The European Parliament, the Council of the European Union, and the European Commission have reached a compromise on the text of the Cybersecurity Act. The Act aims to strengthen ENISA ˈs position and to recognize ENISA as main the EU Agency for Cybersecurity.

This Act grants to ENISA a broad mandate in the field of cybersecurity and it creates preconditions for the creation of European Certification Framework. The Agency will be able to provide a better support and cooperation to Member States to address cybersecurity incidents and respond to cyber threats and attacks.     

Strengthening the mandate is another important step in strengthening the security of the European cyberspace. The most important changes relate to the overall status of the Agency:

  • ENISA has been given a permanent mandate with the increase in staffing and funding,
  • ENISA will increase assistance and support to EU Member States to improve skills and expertise particularly in the field of prevention, solving and solution coordination of cybersecurity incidents,
  • Within the Cybersecurity Certification Framework ENISA will have market economy-related tasks, notably in the field of certification framework preparation, by providing expert assistance and cooperation to national certification bodies and industry representatives,
  • ENISA will fortify its support to Member States and EU institutions in creation, implementation and revisions of rules and politics in the cybersecurity field. 

The new Cybersecurity Act requires a formal approval by the European Parliament and the Council of the European Union. In the upcoming days, the legislation process will continue at the plenary session of the European Parliament. The Act shall enter into force after its publication in the Official Journal of the European Union.