New Cybersecurity Strategy
On 27 May 2020, the Commission adopted a new Communication Europe's moment: Repair and Prepare for the Next Generation. As part of the package, the new Cybersecurity Strategy will look at how to boost EU-level cooperation, knowledge and capacity. It will also help Europe strengthen its industrial capabilities and partnerships, and encourage the emergence of SMEs in the field. This will accompany the review of the Directive on security of network and information systems and a proposal for additional measures on Critical Infrastructure Protection. Together with the ongoing work on cybersecurity as part of the EU Security Union, this will increase capabilities within Member States and boost the EU’s overall cybersecurity.
The Cybersecurity Act: For an enhanced cyber resilience
On 13 September 2017 the Commission adopted a cybersecurity package. The Cybersecurity Act, which has now entered into force, lay at the core of the package. The changes this new EU regulation brings about are twofold: a comprehensive reform of ENISA and the creation of a certification framework.
ENISA – the EU cybersecurity agency
Faced with ever-new challenges ENISA (European Union Agency for Network and Information Security) had found itself increasingly constrained by the mandate it had initially received. The Cybersecurity Act bestows a permanent mandate upon the agency, together with greater financial and human resources. This will ensure that ENISA can provide support to Member States, EU institutions and businesses in key areas, including the implementation of the NIS Directive. The new ENISA will also empowered to contribute to stepping up both operational cooperation and crisis management across the EU.
A single cybersecurity market
The growth of the cybersecurity market in the EU – in terms of products, services and processes – is held back in a number of ways, also due to lack of a cybersecurity certification scheme recognised across the EU. The Commission has therefore put forward a proposal to set up an EU certification framework with ENISA at its heart.
The NIS directive
The NIS directive (Directive on security of network and information systems), adopted in July 2016, is the first piece of EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.
Blueprint for rapid emergency response
The Commission's blueprint for rapid emergency response provides a plan in case of a large scale cross-border cyber incident or crisis. It sets out the objectives and modes of cooperation between the Member States and EU Institutions in responding to such incidents and crises, and explains how existing Crisis Management mechanisms can make full use of existing cybersecurity entities at EU level.
Securing the electoral process
In September 2018, the Commission issued a package of measures to support free and fair European elections, it includes a recommendation (PDF) on election cooperation networks, online transparency, protection against cybersecurity incidents and fighting disinformation campaigns. In April 2019, ahead of the European elections, the European Parliament, EU Member States, the Commission and ENISA carried out a live test of their preparedness.
The European Cybersecurity Industrial, Technology and Research Competence Centre
In 2018, building on the Cybersecurity Act, the European Commission proposed the creation of a Network of Cybersecurity Competence Centres and a new European Cybersecurity Industrial, Technology and Research Competence Centre to invest in stronger and pioneering cybersecurity capacity in the EU.
Secure 5G deployment in the EU
In a Communication of 29 January 2019, the Commission has called on Member States to take steps to implement the set of measures recommended in the 5G toolbox conclusions by 30 April 2020 and to prepare a joint report on the implementation in each Member State by 30 June 2020.
The framework for a joint EU diplomatic response to malicious cyber activities (the “cyber diplomacy toolbox”) sets out the measures under the Common Foreign and Security Policy, including restrictive measures which can be used to strengthen the EU's response to activities that harm its political, security and economic interests.