Skip to main content
Shaping Europe’s digital future

The EU Cybersecurity Act

The Cybersecurity Act strengthens the EU Agency for cybersecurity (ENISA) and establishes a cybersecurity certification framework for products and services.

    Hands type at a laptop keyboard, an icon of a padlock in a shield appears over them.

© iStock by Getty Images -1037348986 Urupong

A new mandate for ENISA

ENISA, the EU Agency for cybersecurity, is now stronger. The EU Cybersecurity Act grants a permanent mandate to the agency, and gives it more resources and new tasks.

ENISA will have a key role in setting up and maintaining the European cybersecurity certification framework by preparing the technical ground for specific certification schemes. It will be in charge of informing the public on the certification schemes and the issued certificates through a dedicated website. 

ENISA is mandated to increase operational cooperation at EU level, helping EU Member States who wish to request it to handle their cybersecurity incidents, and supporting the coordination of the EU in case of large-scale cross-border cyberattacks and crises.

This task builds on ENISA’s role as secretariat of the national Computer Security Incidents Response Teams (CSIRTs) Network, established by the Directive on security of network and information systems (NIS Directive).

A European cybersecurity certification framework

The EU Cybersecurity Act introduces an EU-wide cybersecurity certification framework for ICT products, services and processes. Companies doing business in the EU will benefit from having to certify their ICT products, processes and services only once and see their certificates recognised across the European Union.

More on the certification framework

Proposed Amendment

On 18 April 2023, the Commission proposed a targeted amendment to the EU Cybersecurity ActThe proposed amendment will enable the future adoption of European certification schemes for ‘managed security services’ covering areas such as incident response, penetration testing, security audits and consultancy. Certification is key to ensure high level of quality and reliability of these highly critical and sensitive cybersecurity services which assist companies and organisations to prevent, detect, respond to or recover from incidents.

 

Latest News

PRESS RELEASE |
Commission presents new initiatives for digital infrastructures of tomorrow

The Commission has presented a set of possible actions to foster the innovation, security and resilience of digital infrastructures. The future competitiveness of Europe's economy depends on these advanced digital network infrastructures and services, since fast, secure, and widespread connectivity is essential for the deployment of the technologies that will bring us into tomorrow's world: telemedicine, automated driving, predictive maintenance of buildings, or precision agriculture.

Related Content

Big Picture

Cybersecurity Policies

The European Union works on various fronts to promote cyber resilience, safeguarding our communication and data and keeping online society and economy secure.

See Also

The EU Cyber Solidarity Act

The EU Cyber Solidarity Act will improve the preparedness, detection and response to cybersecurity incidents across the EU.

22 Cybersecurity projects selected to receive €10.9 million

Operators of Essential Services (OES), National Cybersecurity Certification Authorities (NCCAs) and National Competent Authorities (NCAs) for cybersecurity are among the selected applicants that will receive €11 million in funding by the Connecting Europe Facility cybersecurity...