The European Parliament, Council and Commission have reached a joint agreement on the EU Cybersecurity Act, which establishes a framework for cybersecurity in the EU.
The EU Cybersecurity Act, first proposed in 2017, aims to support Member States in combating cyberattacks and provides a mechanism for an EU-wide cybersecurity certification for devices and online services. It includes the establishment of a permanent mandate for the European Union Agency for Network and Information and Security (ENISA), which will oversee cybersecurity across the EU and run security drills to help Member States prepare for online attacks and threats.
Mariya Gabriel, Commissioner in charge of Digital Economy and Society, added: “Enhancing Europe’s cybersecurity, and increasing the trust of citizens and businesses in the digital society is a top priority for the European Union. Major incidents such as Wannacry and NotPetya have acted as wake-up calls, because they dearly showed the potential consequences of large scale cyberattacks. In this perspective, I strongly believe that [the EU Cybersecurity Act] both improves our Union’s overall security and supports business competitiveness.”
The cybersecurity certification scheme will cover products, processes and services, providing a standardised guarantee for consumers of enhanced security across their devices and services. The EU Cybersecurity Act details the particular importance of a system of cybersecurity certification for critical infrastructure functions, such as energy grids, water supplies and banking systems; in order to ensure the safety of these essential services.
European Commission Vice-President and Commissioner in charge of the Digital Single Market Andrus Ansip said: “In the digital environment, people as well as companies need to feel secure; it is the only way for them to take full advantage of Europe’s digital economy. Trust and security are fundamental for our Digital Single Market to work properly. [The EU Cybersecurity Act]’s agreement on comprehensive certification for cybersecurity products and a stronger EU Cybersecurity Agency is another step on the path to its completion.”