EU To Create A Common Cybersecurity Certification Framework And Beef Up Its Agency


Sunday, June 10, 2018   10.35PM / EU CyberSecurity 

The EU is to enhance its cyber resilience by setting up an EU-wide certification framework for information and communication technology (ICT) products, services and processes. The industry could use the new mechanism to certify products such as connected cars and smart medical devices. The Council today agreed its general approach on the proposal, known as the Cybersecurity Act. The proposal will also upgrade the current European Union Agency for Network and Information Security (ENISA) into a permanent EU agency for cybersecurity.


We all want our devices to be secure. This new certification framework will increase trust and confidence in innovative digital solutions. - Ivaylo Moskovski, Bulgarian Minister for Transport, Information Technology and Communications.

Common cybersecurity certification

The draft regulation creates a mechanism for setting up European cybersecurity certification schemes for specific ICT processes, products, and services. Certificates issued under the schemes will be valid in all EU countries, making it easier for users to gain confidence in the security of these technologies, and for companies to carry out their business across borders.


Certification will be voluntary unless otherwise specified in EU law or member states' law.


Features covered would include for instance resilience to accidental or malicious data loss or alteration.


There will be three different assurance levels: basic, substantial or high. For the basic level, it will be possible for manufacturers or service providers to carry out the conformity assessment themselves.


EU agency for cybersecurity

The new rules will grant ENISA a permanent mandate and clarify its role as the EU agency for cybersecurity. ENISA will be given new tasks in supporting member states, EU institutions and other stakeholders on cyber issues. It will organise regular EU-level cybersecurity exercises, and support and promote EU policy on cybersecurity certification. The first EU legal act on cybersecurity, the network and information security (NIS) directive from 2016, had already given ENISA a key role in supporting the implementation of the directive.


A national liaison officers network will be part of the mandate facilitating information sharing between ENISA and the member states. 


How will the text become law?

The text agreed today is the Council's position for negotiations with the European Parliament. Both the Council and the Parliament have to agree on the final text before it can enter into force.


Proshare Nigeria Pvt. Ltd.

Proshare Nigeria Pvt. Ltd.

Related News

1.       Kenya Bankers Association Partners With Tech Firms For Online Safety Campaign

2.      Eurojust - Council Of Europe: Joint Conference On Judicial Cooperation In Cybercrime Matters

3.      Five digital security tools to protect your work and sources

4.      Malware and Non-malware Ways For ATM Jackpotting – Olga Kochetova

5.      G-7 Finance Ministers And Central Bank Governors Release Cyber Security Report

6.      Online Privacy Guide: How to Stay Safe on the Web

7.      US SEC Announces Enforcement Initiatives To Combat Cyber-Based Threats And Protect Retail Investors

8.     US SEC Statement: Approach On Cybersecurity, Risks & Markets

9.      US SEC Discloses Electronic Trading Was Hacked in 2016, Gains From Illicit Trades Possible

10.  New York State DFS Cybersecurity Regulation Compliance Requirements Are Effective Today

11.   2015 Annual Report of Nigeria Electronic Fraud Forum

12.  Cybersecurity of Interbank Messaging and Wholesale Payment Networks: FFIEC

Related News