Members' Research Service By / October 23, 2023

Managed security services [EU Legislation in Progress]

Cybersecurity attacks are on the rise. It is estimated that ransomware attacks hit organisations every 11 seconds around the globe.

© beebright / Adobe Stock

Written by Mar Negreiro (1st edition).

Managed security services are services carrying out or providing assistance for activities relating to customers’ cybersecurity risk management. They are gaining increasing importance in the prevention and mitigation of cybersecurity incidents. Yet they were not included in the scope of the EU cybersecurity certification framework within the Cybersecurity Act from 2019. As some Member States have begun adopting certification schemes for managed security services that are divergent or inconsistent, there is a need to avoid fragmentation in the internal market. The present proposal therefore includes targeted amendments to the scope of the Cybersecurity Act, seeking to enable managed security services schemes by means of Commission implementing acts.

In Parliament, the file has been assigned to the Committee on Industry, Research and Energy (ITRE), where the rapporteur published her report on 7 September 2023. The amendments tabled in the ITRE committee were published on 21 September 2023. The vote in committee is scheduled for 25 October 2023.


Regulation amending Regulation (EU) 2019/881 as regards managed security services
Committees responsible:Industry, Research and Energy (ITRE)COM(2023)0208
Rapporteur:Josianne Cutajar (S&D, Malta)2023/0108(COD)
Shadow rapporteurs:Angelika Niebler (EPP, Germany)
Bart Groothuis (Renew, the Netherlands)
Ville Niinistö (Greens/EFA, Finland)
Evzen Tošenovský (ECR, Czechia)
Ordinary legislative
procedure (COD)
(Parliament and Council
on equal footing –
formerly ‘co-decision’)
Next steps expected: Vote in committee on draft report

Stage: Committee vote

Related Articles

Be the first to write a comment.

Leave a Reply