On June 7, Regulation (EU) 2019/881 of the European Parliament and of the Council on ENISA (European Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation No 526/2013 (“Cybersecurity Act”) was published in the Official Journal of the European Union. It will not enter into force until June 27, 2019.
First, the Regulation appoints ENISA as the new European Agency for Cybersecurity, establishing the objectives, tasks and organizational aspects of that body. ENISA will ensure greater coordination and harmonization in the area of cybersecurity among the Member States, which will be able to rely on this Agency to implement national plans and strategies in the fight against cybersecurity threats and attacks.
Secondly, the Regulation establishes a framework for the creation of certification systems in the field of cybersecurity, with the aim of ensuring an adequate level of cybersecurity of ICT products, services and processes in the European Union. The final objective of the legal text is not only to increase users' confidence in the use of connected devices, but also to strengthen the European cybersecurity industry and the European Single Market, positioning it as a world reference alongside other markets such as the United States or China.
This European cybersecurity certification framework defines a mechanism to ensure that ICT products, services and processes evaluated in accordance with it meet specified security requirements, with the aim of protecting the availability, authenticity, integrity or confidentiality of the data stored or processed throughout its life cycle.
In conclusion, the Regulation, given the cross-border nature of cyber-threats, seeks to provide an effective and coordinated response as well as crisis management at Union level, in the face of the continuous increase in cyberattacks.