News

Blog

Friday, June 28th, 2019

The EU Cybersecurity Act Enters into Force

The EU Cybersecurity Act Enters Into Force. The European Union (EU) Cybersecurity Act establishes a new mandate for ENISA, the EU Agency for Cybersecurity, and a European cybersecurity certification framework. 

In order to scale up the EU’s response to cyber-attacks, improve cyber resilience and increase trust in the Digital Single Market, the EU Cybersecurity Act strengthens ENISA establishes an EU cybersecurity certification framework that will allow the emergence of tailored certification schemes for specific categories of ICT products, processes and services. Companies will be able to certify their products, processes and services only once and obtain certificates that are valid across the EU.

The Cybersecurity Act works alongside both:

  • the EU General Data Protection Regulation, which requires security measures to be implemented when processing personal data; and
  • the EU Network and Information Security Directive (NIS Directive), which aims to protect critical national infrastructure.

The NIS Directive only applies to operators of essential services and digital service providers. The Cybersecurity Act encourages all businesses to invest more in cybersecurity and to build it into their ICT devices.

How will the certification process work?

ENISA, with the help of national experts will prepare the technical ground for the certification schemes. They will then be adopted by the European Commission through implementing acts. The EU-wide certification framework creates a comprehensive set of rules, technical requirements, standards and procedures to agree each scheme. Each scheme will be based on agreement at EU level. This is for the evaluation of the security properties of a specific ICT-based product or service. This certificate will attest that ICT products and services that have been certified in accordance with such a scheme comply with specified cybersecurity requirements. The resulting certificate will be recognised in all EU Member States. This will make it easier for businesses to trade across borders. It will also help purchasers to understand the security features of the product or service.

Security by design

The Framework also encourages manufacturers or providers involved in the design and development of products, services or processes to implement measures at the earliest stages of design and development. This will allow protecting the security of those products, services or processes to the highest possible degree. Done in such a way that the occurrence of cyberattacks is anticipated and minimised.

Who will benefit from this certification framework and how? 

  • Citizens and end-users will be able to make more informed purchase decisions related to products and services they rely on a daily basis.
  • Vendors and providers of products and services (including Small and medium-sized enterprises (SMEs) and new businesses). They will enjoy cost and time savings as they will undergo a single process for obtaining a European certificate. This allows them to compete effectively in all Member States. Besides, vendors of ICT products and services will be keen to make buyers aware possibly by using a specific label linked to the certificate.  
  • Governments, who, like all individual and commercial buyers, will be better equipped to make informed purchase decisions.

Smarttech247

Contact Us

The data you supply here will not be added to any mailing list or given to any third party providers without further consent. View our Privacy Policy for more information.

    Copyright Smarttech247 - 2021