The European Commission has expressed its satisfaction with the recent political agreement between the European Parliament and the Council of the EU regarding the proposed Regulation on cybersecurity measures for EU institutions, bodies, offices, and agencies. This agreement marks a significant step forward in enhancing cybersecurity across the European Union. The next phase involves final approval of the legal text by the European Parliament and the Council.
The Cybersecurity Regulation, first proposed by the Commission in March 2022, aims to establish a comprehensive framework for governance, risk management, and control in cybersecurity across all EU entities. A new inter-institutional Cybersecurity Board will be created to oversee its implementation. Additionally, the mandate of the Computer Emergency Response Team for the EU institutions, known as CERT-EU, will be expanded to serve as a central advisory body, threat intelligence and information exchange hub, and incident response coordination center. CERT-EU will be renamed the “Cybersecurity Service for the Union institutions, bodies, offices, and agencies,” while retaining its familiar abbreviation for recognition purposes.
Key elements of the proposed Regulation for EU institutions include the establishment of governance and risk management frameworks, regular maturity assessments, implementation of cybersecurity measures, the development of cybersecurity improvement plans, and the timely sharing of incident-related information with CERT-EU.
Once the text is finalized, formal adoption of the Regulation by the European Parliament and the Council will be required for it to come into effect. Compliance with the obligations and deadlines outlined in the Regulation will contribute to bolstering cybersecurity within the EU administration, ensuring greater resilience and preparedness to address future challenges.
The proposed Cybersecurity Regulation aligns with the Council of the European Union’s resolution from March 2021, which emphasized the need for a robust and consistent security framework to protect EU personnel, data, communication networks, information systems, and decision-making processes. It is also in line with existing EU cybersecurity policies, including the NIS 2 Directive, the Cybersecurity Act, and the Commission Recommendation on coordinated response to large-scale cybersecurity incidents and crises.
With the political agreement now reached, the EU is one step closer to strengthening cybersecurity across its institutions and enhancing its overall security culture.
https://ec.europa.eu/commission/presscorner/detail/en/IP_23_3483