EU Security

EU proposes new bloc-wide cyber security regulations

The Computer Emergency Response Team to be renamed the Cybersecurity Centre
Pro
Image: Getty via Dennis

23 March 2022

The European Commission (EC) has proposed new bloc-wide cyber security and information security regulations that will aim to protect the EU’s public administration from rising cyber threats.

The Cybersecurity Regulation will extend the mandate of the Computer Emergency Response Team – which will be renamed to ‘Cybersecurity Centre’ – to EU institutions, bodies, offices, and agencies.

For simplicity, the Cybersecurity Centre will retain its widely-used ‘CERT-EU’ acronym.

The proposed regulation will also see the creation of a new inter-institutional cyber security board that will be responsible for steering CERT-EU as well as driving and monitoring the implementation of the newly-proposed regulation.

Under the Cybersecurity Regulation, all EU institutions, bodies, offices, and agencies will be required to have cyber security frameworks for governance, risk management, and control, conduct regular assessments, implement plans for improvement, as well as notify CERT-EU of any incidents “without undue delay”.

In addition to the Cybersecurity Regulation, the European Commission has also proposed an Information Security Regulation that aims to modernise the EU’s infosec policies by taking into account the recent advances in digital transformation and remote work.

The Information Security Regulation will see the creation of an inter-institutional Information Security Coordination Group that will foster cooperation across all EU institutions, bodies, offices and agencies, as well as establish a common approach to information categorisation based on the level of confidentiality.

Commenting on the proposal, the EU’s Budget and Administration commissioner Johannes Hahn said that in a “connected environment” such as the EU, “a single cyber security incident can affect an entire organisation”.

“This is why it is critical to build a strong shield against cyber threats and incidents that could disturb our capacity to act,” he added.

Hahn described the newly-proposed regulations as “a milestone in the EU cyber security and information security landscape”, adding that they were “based on reinforced cooperation and mutual support among EU institutions, bodies, offices and agencies and on a coordinated preparedness and response”.

“This is a real EU collective endeavour,” he said.

The news comes almost one year after the European Commission, alongside other EU institutions, fell victim to a “significant” cyber attack.

Future Publishing

Read More:


Back to Top ↑

TechCentral.ie