Cybersecurity in the EU, New procedures

Feb 24, 2020 | Studies & Reports

European Centre for Counterterrorism and Intelligence Studies – ECCI

European Commission–   Securing network and information systems in the European Union is essential to keeping the online economy running and to ensure prosperity. The European Union works on a number of fronts to promote cyber resilience.

The Cybersecurity Act: For an enhanced cyber resilience

On 13 September 2017 the Commission adopted a cybersecurity package. The Cybersecurity Act, which has now entered into force, lay at the core of the package. The changes this new EU regulation brings about are twofold: a comprehensive reform of ENISA and the creation of a certification framework.

ENISA – the EU cybersecurity agency

Faced with ever-new challenges ENISA (European Union Agency for Network and Information Security) had found itself increasingly constrained by the mandate it had initially received. The Cybersecurity Act bestows a permanent mandate upon the agency, together with greater financial and human resources. This will ensure that ENISA can provide support to Member States,  EU institutions and businesses in key areas, including the implementation of the NIS Directive. The new ENISA will also empowered to contribute to stepping up both operational cooperation and crisis management across the EU.

A single cybersecurity market

The growth of the cybersecurity market in the EU – in terms of products, services and processes – is held back in a number of ways, also due to lack of a cybersecurity certification scheme recognised across the EU. The Commission has therefore put forward a proposal to set up an EU certification framework with ENISA at its heart.

The NIS directive

The NIS directive (Directive on security of network and information systems), adopted in July 2016, is the first piece of EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.

Blueprint for rapid emergency response

The Commission’s blueprint for rapid emergency response provides a plan in case of a large scale cross-border cyber incident or crisis. It sets out the objectives and modes of cooperation between the Member States and EU Institutions in responding to such incidents and crises, and explains how existing Crisis Management mechanisms can make full use of existing cybersecurity entities at EU level.

Securing the electoral process

In September 2018, the Commission issued a package of measures to support free and fair European elections, it includes a recommendation (PDF) on election cooperation networks, online transparency, protection against cybersecurity incidents and fighting disinformation campaigns. In April 2019, ahead of the European elections, the European Parliament, EU Member States, the Commission and ENISA carried out a live test of their preparedness.

The European Cybersecurity Industrial, Technology and Research Competence Centre

In 2018, building on the Cybersecurity Act, the European Commission proposed the creation of a Network of Cybersecurity Competence Centres and a new European Cybersecurity Industrial, Technology and Research Competence Centre to invest in stronger and pioneering cybersecurity capacity in the EU.

Secure 5G deployment in the EU

In a Communication of 29 January 2019, the Commission has called on Member States to take steps to implement the set of measures recommended in the 5G toolbox conclusions by 30 April 2020 and to prepare a joint report on the implementation in each Member State by 30 June 2020.


The framework for a joint EU diplomatic response to malicious cyber activities (the “cyber diplomacy toolbox”) sets out the measures under the Common Foreign and Security Policy, including restrictive measures which can be used to strengthen the EU’s response to activities that harm its political, security and economic interests.

European Centre for Counterterrorism and Intelligence Studies – ECCI