you're reading...
Economic and Social Policies, PUBLICATIONS

ENISA and a new cybersecurity act [EU Legislation in Progress]

Written by Mar Negreiro (4th edition, updated on 5.7.2019),


© European Union Agency for Network and Information Security (ENISA), 2016

In September 2017, the Commission adopted a cybersecurity package with new initiatives to further improve EU cyber-resilience, deterrence and defence. As part of these, the Commission tabled a legislative proposal to strengthen the EU Agency for Network Information Security (ENISA). Following the adoption of the Network Information Security Directive in 2016, ENISA is expected to play a broader role in the EU’s cybersecurity landscape but is constrained by its current mandate and resources. The Commission presented an ambitious reform proposal, including a permanent mandate for the agency, to ensure that ENISA can not only provide expert advice, as has been the case until now, but can also perform operational tasks. The proposal also envisaged the creation of the first voluntary EU cybersecurity certification framework for ICT products, where ENISA will also play an important role. Within the European Parliament, the Industry, Research and Energy Committee adopted its report on 10 July 2018. An agreement was reached with the Council during the fifth trilogue meeting, on 10 December 2018. The text was adopted by the European Parliament on 12 March and by the Council on 9 April 2019. The new regulation came into force on 27 June 2019.

Interactive PDF

Regulation on ENISA, the ‘EU Cybersecurity Agency’, and on information and communication technology cybersecurity certification (the ‘Cybersecurity Act’)
Committee responsible: Industry, Research and Energy (ITRE) COM(2017) 477 of 13.9.2017

procedure ref.: 2017/0225(COD)

Ordinary legislative procedure (COD) (Parliament and Council on equal footing – formerly ‘co-decision’)

Rapporteur: Angelika Niebler (EPP, Germany)
Shadow rapporteurs: Peter Kouroumbashev, (S&D, Bulgaria),
Evžen Tosenovsky (ECR, Czech Republic),
Pavel Telicka (ALDE, Czech Republic),
Marisa Matias (GUE/NGL, Portugal)
Jakob Dalunde (Greens /EFA, Sweden),
Dario Tamburrano (EFDD, Italy),
Christelle Lechevalier (ENF, France),
Procedure completed. Regulation (EU) 2019/881
OJ L 151, 7.6.2019, pp. 15-69



  1. Pingback: ENISA and a new cybersecurity act [EU Legislation in Progress] | - January 4, 2018

Leave a Reply

Download the EPRS App

EPRS App on Google Play
EPRS App on App Store
What Europe Does For You
EU Legislation in Progress
Topical Digests
EPRS Podcasts

Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 3,543 other subscribers

RSS Link to Members’ Research Service

Disclaimer and Copyright statement

The content of all documents (and articles) contained in this blog is the sole responsibility of the author and any opinions expressed therein do not necessarily represent the official position of the European Parliament. It is addressed to the Members and staff of the EP for their parliamentary work. Reproduction and translation for non-commercial purposes are authorised, provided the source is acknowledged and the European Parliament is given prior notice and sent a copy.

For a comprehensive description of our cookie and data protection policies, please visit Terms and Conditions page.

Copyright © European Union, 2014-2019. All rights reserved.

%d bloggers like this: