This post is also available in: Español

Regulation (EU) 2019/881 of April 17, 2019 on cybersecurity entered into force on June 27, 2019. This regulation is part of the European Commission’s Digital Single Market strategy and aims to provide greater protection for information and communication technologies (ICTs) that play an essential role in our lives.

As explained by European Commission Vice-President Andrus Ansip, responsible for the Digital Single Market and Commissioner Mariya Gabriel, in charge of Digital Economy and Society, the regulation is part of an effort to give shape to the EU’s cybersecurity commitment, seeking to protect citizens while maintaining competitiveness.

A new feature of the Regulation is that it gives more power to the European Union Agency for Cybersecurity (ENISA)—now entrusted with a permanent mandate that will facilitate its new tasks, including strengthening cybersecurity cooperation in the EU (e.g., in the event of cyber-atacks or large-scale cross-border crises).

ENISA’s financial resources are doubled, increasing from EUR 11 to 23 million over a five-year period. This decision is partly motivated by ENISA’s new key role in creating and maintaining the European cybersecurity certification framework.

This second feature of the Regulation creates a new framework that allows EU companies to obtain certification for their ICT products, processes and services only once and recognized throughout the EU.

ENISA’s mandate will be valid from the entry into force of the regulation, but the cybersecurity certification framework needs to be further implemented. In this regard, it is already on the Commission’s agenda to submit proposals to ENISA for the preparation of certification projects and the creation of cybersecurity expert groups.

In short, the regulation seeks to strengtehn and protect the Digital Single Market from one of the major concerns of the digital age: cyber threats.

By Pol Solsona and Miquel Peguera

This post is also available in: Español



80 artículos