Cybersecurity Act

from Wikipedia, the free encyclopedia

Regulation (EU) 2019/881

Title: Regulation (EU) 2019/881 of the European Parliament and of the Council of April 17, 2019 on ENISA (European Union Agency for Cybersecurity) and on the certification of cybersecurity for information and communication technology and repealing Regulation (EU) No. 526/2013
Short title: Cybersecurity Act
Scope: EEA
Legal matter: Computer crime
Basis: TFEU, in particular Art. 114
Applicable from: June 27, 2019
Replaces: Regulation (EU) 526/2013
Regulation has entered into force and is applicable.

The EU Cybersecurity Act came into force on June 27, 2019. The European Regulation (EU) 881/2019, which replaces Regulation (EU) No. 526/2013, on the one hand strengthens the mandate of the EU cybersecurity agency (Agency of the European Union for Network and Information Security, ENISA) and on the other hand establishes an EU-wide framework for the IT security certification of products, services and processes.

Regulations in detail

The Cybersecurity Act was introduced in 2017 as part of a comprehensive package of measures to increase cybersecurity and strengthen resilience against cyber attacks in the European Union.

In detail, it includes:

  • A permanent mandate for the EU Cybersecurity Agency (ENISA) and a significant increase in the agency's financial and human resources. The aim is to enable ENISA to increase cybersecurity capacities in the European Union and thus to promote preparedness. ENISA will also act as an independent competence center. The aim of the center is, on the one hand, to promote awareness among citizens and companies and, on the other hand, to support the EU institutions and member states in developing and implementing political frameworks in the field of cybersecurity.
  • The creation of an EU framework for the IT security certification of products, services and processes. The framework establishes a central point of contact for the IT security certification of products, services and processes. The certificates are valid in all EU member states and provide information about the IT security requirements that have been met. The criticality of the product, service or process to be certified is taken into account.

Effect on consumers and businesses

The EU Commission's Cybersecurity Act is an important step towards greater security in the European digital single market and greater trust in the Internet of Things (IoT). A legal framework that harmonizes test procedures for the certification of products, services and processes at European level can have a positive effect on risk management in the companies concerned. One of the objectives of the Cybersecurity Act must also be to create more legal certainty for pan-European companies. On the other hand, the regulation brings clarity for consumers. The certificates should be made visible to consumers by means of an "instruction leaflet" and thus support them in making a responsible purchase decision. Similar to Art. 25 of the EU General Data Protection Regulation, the EU Cybersecurity Act for the first time stipulates "Security by Design" and "Security by Default" as regulatory principles for security-relevant products.
