The role of the European Network and Information Security Agency (ENISA)

ENISA's objectives

The European Network and Information Security Agency (ENISA) was established in 2004 for a period of five years to "ensure a high and effective level of network and information security within the Community, (…) in order to develop a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, thus contributing to the smooth functioning of the internal market.”

Following an initial period in Brussels during the start-up phase, the Agency moved to Heraklion, Greece.

ENISA's Tasks

The tasks conferred on the Agency include

Collecting appropriate information with a view to carrying out an analysis of current and emerging risks, in particular those which are likely to have an impact on the resilience of electronic communications networks and on the authenticity, integrity and confidentiality of those communications.
Developing ‘common methodologies’ to :
- prevent security threats
- contribute to raising awareness
- promote exchanges of ‘current best practices’ and ‘methods of alert’ and risk assessment and management activities
Enhancing cooperation

between the actors involved in the area of network and information security
between the Commission / Member States and industry to address security-related problems in hardware and software products
on international level, between the Community and third States, or, where appropriate, international organisations to promote a common global approach to network and information security issues

Future of ENISA

Under the Regulation establishing ENISA, the mandate of ENISA is set to expire on 13 March 2009. Therefore, the Commission launched an evaluation of the Agency by an external panel of experts in 2006. A Communication on the evaluation of ENISA was subsequently issued in 2007 and a public consultation launched on the future of ENISA. See the results of the public consultation.

Following a Commission’s proposal, on 24 September 2008, the Council and the European Parliament adopted a Regulation extending the mandate of ENISA “à l’identique” with three years till 13 March 2012. In the recitals of the Regulation, both European Institutions called for “further discussion about the Agency [and] the general direction of the European efforts towards an increased network and information security.”

In order to facilitate this debate, the Commission services held a public consultation on the possible objectives of a strengthened NIS policy at EU level. A large majority of respondents supported an extension of the Agency mandate and advocated an enlarged role in cooperation of NIS activities at the European level as well as for an increase of its resources.

NEW REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL Concerning the European Network and Information Security Agency (ENISA)