Skip to main content
Shaping Europe’s digital future logo

The EU Cybersecurity Act

The Cybersecurity Act strengthens the EU Agency for cybersecurity (ENISA) and establishes a cybersecurity certification framework for products and services.

© iStock by Getty Images -1037348986 Urupong

A new mandate for ENISA

ENISA, the EU Agency for cybersecurity, is now stronger. The EU Cybersecurity Act grants a permanent mandate to the agency, and gives it more resources and new tasks.

ENISA will have a key role in setting up and maintaining the European cybersecurity certification framework by preparing the technical ground for specific certification schemes. It will be in charge of informing the public on the certification schemes and the issued certificates through a dedicated website. 

ENISA is mandated to increase operational cooperation at EU level, helping EU Member States who wish to request it to handle their cybersecurity incidents, and supporting the coordination of the EU in case of large-scale cross-border cyberattacks and crises.

This task builds on ENISA’s role as secretariat of the national Computer Security Incidents Response Teams (CSIRTs) Network, established by the Directive on security of network and information systems (NIS Directive).

A European cybersecurity certification framework

The EU Cybersecurity Act introduces an EU-wide cybersecurity certification framework for ICT products, services and processes. Companies doing business in the EU will benefit from having to certify their ICT products, processes and services only once and see their certificates recognised across the European Union.

More on the certification framework

Latest

The European Cybersecurity Competence Centre and Network moves forward: future Governing Board meets for the first time

The European Commission has organised an informal virtual meeting of the future Governing Board of the European Cybersecurity Competence Centre, gathering representatives from Member States, the Commission and the European Union Agency for Cybersecurity, ENISA. The meeting focused on the preparations for the establishment of the Centre and discussed the next steps, including practical aspects and the rules of procedure.

Cybersecurity of 5G networks: Commission requests the EU cybersecurity agency to develop a certification scheme

The Commission has tasked the European Union Agency for Cybersecurity, ENISA, to prepare the EU's cybersecurity certification scheme for 5G networks that will help address risks related to technical vulnerabilities of the networks and further enhance their cybersecurity. Certification plays a critical role in increasing trust and security in digital products and services – however, at the moment, there are various security certification schemes for IT products, including 5G networks, in Europe.

New EU Cybersecurity Strategy and new rules to make physical and digital critical entities more resilient

The Commission and the High Representative of the Union for Foreign Affairs and Security Policy have presented this week a new EU Cybersecurity Strategy. As a key component of Shaping Europe's Digital Future, the Recovery Plan for Europe and the EU Security Union Strategy, the Strategy will bolster Europe's collective resilience against cyber threats and help to ensure that all citizens and businesses can fully benefit from trustworthy and reliable services and digital tools.

Related Content

Big Picture

Cybersecurity Policies

The European Union works on various fronts to promote cyber resilience, safeguarding our communication and data and keeping online society and economy secure.

See Also

22 Cybersecurity projects selected to receive €10.9 million

Operators of Essential Services (OES), National Cybersecurity Certification Authorities (NCCAs) and National Competent Authorities (NCAs) for cybersecurity are among the selected applicants that will receive €11 million in funding by the Connecting Europe Facility cybersecurity...

European Cybersecurity Competence Network and Centre

The mission of the European Cybersecurity Network and a Competence Centre is to help the EU retain and develop the cybersecurity technological and industrial capacities necessary. This goes hand-in-hand with the key objective to increase the competitiveness of the EU's...

The Cybersecurity Strategy

The EU Cybersecurity Strategy aims to build resilience to cyber threats and ensure citizens and businesses benefit from trustworthy digital technologies.

NIS Cooperation Group

The Network and Information Systems Cooperation Group was established by the NIS Directive to ensure cooperation and information exchange among Member States.

NIS Directive

The NIS Directive is the first piece of EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.