EU Cybersecurity Act: What does it mean?
On 27 June, the EU Cybersecurity Act set a new mandate for ENISA (the EU agency for cybersecurity) and established a cybersecurity certification framework. The act was passed in order to improve cyber resilience, increase trust in the Digital Single Market (DSM) and scale up the EU’s response to cyber-attacks.
The new act strengthens ENISA by giving it more tasks and resources in order to assist EU Member States in dealing with cyber-attacks. The goal is to improve coordination and cooperation in cybersecurity across all Member States, EU institutions, agencies and bodies. To do this, ENISA will contribute to better information sharing between Member States through the network of Computer Security Incident Response Teams (CSIRTs) and by organising regular pan-European cybersecurity exercises and trainings. It will also assist Member States in implementing the Directive on the Security of Network and Information Systems (NIS Directive), which stipulates reporting obligations of national authorities in the case of serious cybersecurity incidents. Under the new mandate, ENISA’s main tasks consist of:
- Policy development and implementation
- Knowledge and information
- Operational cooperation
- Capacity building
- Market-related tasks within the Cybersecurity Certification Framework
ENISA will have a central role in establishing and supporting the implementation of the EU Cybersecurity Framework. This certification plays a huge role in increasing the trust and security in products and services that are crucial to the DSM. While there are currently a variety of different security certification schemes for ICT products in the EU, the lack of standardisation leads to an increasing risk of barriers and fragmentation in the single market. ENISA, along with national experts, will create a framework that will be adopted by the European Commission through implementing acts. The EU-wide cybersecurity certification framework will be recognised by each Member State, making it easier for businesses to trade across borders and for consumers to understand the security features of the product or service.
User acceptance is critical to the success of Automated Driving (AD). Citizens who are considering purchasing a service but are aware of the cybersecurity risks can consult the ENISA European Cybersecurity Certification website. There, they will be able to find a model that has been certified with the appropriate cybersecurity requirements and other helpful information from the manufacturer on how to set up or configure the product. The certification framework can also increase the integrity of ICT products, as providers will be keen on obtaining a certificate and possibly using a specific label in order to make buyers aware.