New cybersecurity rules are kicking in this week for the European Union. The regulation establishes an “internal cybersecurity risk management, governance and control framework for each Union entity, and sets up a new Interinstitutional Cybersecurity Board (IICB) to monitor and support its implementation by Union entities.
There is also a Computer Emergency Response Team for the EU institutions (CERT-EU), as a threat intelligence and coordination hub.
Johannes Hahn, EU Commissioner for Budget and Administration, commented on the new rules:
“As the cyber threats are becoming more pervasive and the cyber attackers more sophisticated, achieving a high common level of cybersecurity across Union entities is paramount to ensure an open, efficient, secure and resilient EU public administration. The Regulation strengthens Union entities’ cybersecurity and aligns the EU administration with the standards imposed on Member States, such as the Directive on high common levels of cybersecurity across the Union, also known as NIS 2. The rapid adoption of the Regulation proves the commitment of the EU towards these objectives. Now I call upon the co-legislators to swiftly engage on negotiations for the parallel Information Security Regulation.”
The original proposal was released in March 2022, and an agreement on the regulation was reached in June 2023.
The actual document outlining the new rules is available here.
An Interinstitutional Cybersecurity Board (IICB) has been created to provide guidance to CERT-EU with the following members:
- the European Parliament;
- the European Council;
- the Council of the European Union;
- the Commission;
- the Court of Justice of the European Union;
- the European Central Bank;
- the Court of Auditors;
- the European External Action Service;
- the European Economic and Social Committee;
- the European Committee of the Regions;
- the European Investment Bank;
- the European Cybersecurity Industrial, Technology and Research Competence Centre;
- ENISA;
- the European Data Protection Supervisor (EDPS);
- the European Union Agency for the Space Programme.