The European Union´s three policy making bodies – the European Parliament, the Council and the European Commission – this week moved one step closer to approving the Cybersecurity Act, legislation that would establish a permanent mandate for the European cybersecurity agency and create a cybersecurity certification framework for products, processes and services offered in the EU.
The Cybersecurity Act, proposed in 2017, would provide the European Agency for Network and Information Security (ENISA) with more resources to enable it to fulfill its goals. The agency would be tasked with helping increase cybersecurity capabilities at an EU level and support capacity building and preparedness, according to the European Commission.
In addition, ENISA would also be responsible for preparing the cybersecurity certification schemes along with the industry and Member State certification authorities.
Udo Helmbrecht, ENISA´s executive director, said the permanent mandate was a major achievement for the agency.
“The European Union has taken another important step in increasing the level of cybersecurity in the European digital environment,” Helmbrecht said. “The new cybersecurity certification framework will provide business opportunities for the EU cybersecurity industry, in addition to stimulating the development of more reliable ICT products and services.”
The new European cybersecurity certificate framework is considered groundbreaking given that it is the first EU internal market law that regulates the security of online services and consumer devices. According to the European Commission, the framework requires the industry and other players to include security features in the early stages of technical design and development, adopting a concept referred to as “security by design.”
Andrus Ansip, European Commission Vice President in charge of the Digital Single Market, said the deal by Europe´s three policy making bodies was one step forward in the path towards a Digital Single Market.
“In the digital environment, people as well as companies need to feel secure,” Ansip said. “It is the only way for them to take full advantage of Europe´s digital economy. Trust and security are fundamental for our Digital Single Market to work properly.”
The Cybersecurity Act must now be formally approved by the European Parliament and the Council of the European Union. Once it is approved and published in the EU Official Journal, it will go into force immediately.