Digital Single Market
Digital Economy & Society

Action 28: Reinforced Network and Information Security Policy

The action aimed at the Commission to reinforce the Network and Information Security Policy and modernise the European Network and Information Security Agency (ENISA), and measures allowing faster reactions in the event of cyber-attacks, including a CERT for the EU institutions.

The Regulation to extend ENISA mandate for a seven year period to 2020 was agreed by the European Parliament in April 2013. The cyber security strategy and NIS directive were adopted in February 2013

What is the problem? Networks are not secure

The internet has become a critical information infrastructure, encompassing IT systems and networks across the globe. It must be resilient and secure against all sorts of threats.

Why is EU action required? EU helps Member States to cooperate

Strong cooperation between EU governments, public bodies and private companies is necessary to improve information exchange and to ensure that security problems are addressed quickly and effectively.

The European Network Information and Security Agency (ENISA) serves as a focal point for this exchange and cooperation. An enhanced ENISA is expected to have a significant positive economic impact, as the current costs associated with network and information security breaches are considerable and are still growing.

To react to threats in real-time conditions, a well-functioning and wider network of Computer Emergency Response Teams (CERTs) should also be established in Europe, including for European institutions (see Action 38 for more information on CERTs).

What has the Commission done so far?

In 2012:

In 2013:

  • Presented in February 2013 a proposal, together with the High Representative of the Union for Foreign Affairs and Security Policy, for a 'Cyber security Strategy of the European Union' (action 124 of the Digital Agenda Review package).
  • Presented in February 2013 a legislative proposal on enhanced network and information security across the Union (action 123 of the Digital Agenda Review package).
  • Secured ENISA's future – in April 2013 the European Parliament voted to extend ENISA's mandate by seven years.
  • Established a public-private Platform on Network and Information Security as part of the European Strategy for Cybersecurity

What will the Commission do next?

In 2014:

  • Work with the European Parliament and Council on the adoption of the NIS Directive (Action 123)
  • Implement the EU Cybersecurity Strategy (Action 124)
Progress Report
Status: Completed Gustav Kalbe Gustav Kalbe