EU Cybersecurity Act brings new EU-wide rules on cybersecurity certification


Tomorrow 27 June the European Cybersecurity Act, agreed by EU negotiators in December 2018, will enter into force. The new rules equip Europe with a framework of cybersecurity certification of products, processes and services and reinforce the mandate of the EU Agency for Cybersecurity. The European cybersecurity certification framework will boost the cybersecurity of online services and consumer devices by enabling the creation of tailored and risk-based EU certification schemes. At the same time the new permanent mandate of the EU Agency for Cybersecurity includes increased responsibilities and resources to better support Member States with tackling cybersecurity threats and attacks. Vice-President for the Digital Single Market Andrus Ansip, stated: “Europe’s Digital Single Market can only be a reality if it includes robust cybersecurity commitments. This Commission has pushed forward in making sure Europe has the necessary capabilities, including by proposing a European certification framework and having financing for cybersecurity research and development under the next long-term EU budget. Work on 5G security is a particular priority, as it has the potential to impact every aspect of our future. Commissioner for Digital Economy and Society, Mariya Gabriel, added: “The EU Cybersecurity Act has demonstrated the need for an EU approach to respond to all challenges, protect our citizens and stay competitive. In order to achieve this goal, Europe has granted a permanent mandate to the EU Agency for Cybersecurity. The Cybersecurity Act also enables EU-wide cybersecurity certification. With the Cybersecurity Act, the Directive on Security of Networks and Information Systems and the proposed European Cybersecurity Competence Centre, we have put forward a strong EU pattern, based on our democratic values and safeguarding our citizens’ interests.” In addition to the Cyber Act, the Commission proposed, in September 2018, to create aEuropean Cybersecurity Competence Network and Centre to better target and coordinate available funding for cybersecurity cooperation, research and innovation. In May 2019, the Council also established a sanctions regime, which allows the EU to impose targeted restrictive measures to deter and respond to cyberattacks which constitute an external threat to the EU and its Member States.