(BRUSSELS) – The EU Parliament and Council reached political agreement Monday on a regulation aimed at ensuring a high common level of cybersecurity across the EU institutions, bodies, offices and agencies.
The conclusion of the negotiations paves the way for final approval of the legal text by the European Parliament and the Council.
The Cybersecurity Regulation will put in place a framework for cybersecurity governance, risk management and control across EU entities, with a new inter-institutional Cybersecurity Board to monitor its implementation.
It will also extend the mandate of the Computer Emergency Response Team for the EU institutions, bodies, offices and agencies (CERT-EU), as a threat intelligence, information exchange and incident response coordination hub, a central advisory body, and a service provider.
CERT-EU will be renamed the ‘Cybersecurity Service for the Union institutions, bodies, offices and agencies’ to reflect its new mandate, while keeping the short name CERT-EU for recognition purposes.
The key elements of the proposal require all EU institutions, bodies, offices and agencies to:
- Have a framework for governance, risk management and control in the area of cybersecurity;
- Conduct regular maturity assessments;
- Implement cybersecurity measures addressing the identified risks;
- Put in place a plan for improving their cybersecurity;
- Share incident-related information with CERT-EU without undue delay.
Once the text is finalised, the European Parliament and the Council will have to formally adopt the new Regulation before it can enter into force. Union entities will then be required to comply with the obligations and meet the deadlines specified in the text.