COVID-19 AWARENESS: Xcina Consulting is open and operating, as usual, and here to support organisations during these challenging times. We are available to provide risk assurance and advisory services to help navigate the challenges of the new ways of working. Contact Us
Menu Close

The EU’s Proposed Cybersecurity Act 2019

Background

  • In September 2017, the EU Commission communicated their plans to bring forward cybersecurity measures and regulations to build strong cybersecurity for the EU through enhanced resilience, deterrence and defence measures.
  • The plan was a joint proposal by the Commission and High Representative of the Union for Foreign Affairs and Security Policy through the continuance of ENISA’s (the EU’s Agency for Cybersecurity) proposed measures.
  • On 12th March 2019, EU Parliament agreed upon the proposals for the Cybersecurity Act 2019.

Impact

The Cybersecurity Act 2019 provides for enhanced measures for greater resilience, deterrence and defence measures for cybersecurity. These are detailed as follows:

  • A permanent mandate for the EU’s cybersecurity agency, ENISA as well as the provision of resources allowing the agency to deliver on previously agreed objectives;
  • The creation of a framework for cybersecurity certificates for products, processes and services that will be valid throughout the EU.
  • The certification framework incorporates security features in the early stages of the product or services technical design and development (security by design), introduces security assurance measures and requirement to have these independently verified;
  • Stronger basis for ENISA in the new cyber certification framework and greater to support Member States in effectively responding to cyberattacks and greater collaboration and coordination at EU level;
  • ENISA is charged with building stronger cybersecurity capacity and preparedness.
  • ENISA will act as an independent centre of expertise that will promote a high level of awareness across the EU at both citizen and corporate levels.

Timeline

  • 12/03/19 EU Parliament agrees on the proposals of the Cybersecurity Act 2019
  • Formal approval of Cybersecurity Act 2019 by EU Parliament and EU Council will follow in the coming weeks.
  • The Text will be published in the EU Official Journal and will enter into force immediately thereafter, most likely before May 2019 ahead of EU parliamentary elections.