Cybersecurity: agreement reached on better protection for citizens and companies

12 dicembre 2018

  •       EU cybersecurity certification scheme for products and services
  •       Better protection for consumers and easier procedures for companies
  •       More power to EU cybersecurity agency

 

Several measures to improve cybersecurity in the EU were provisionally agreed by MEPs and member states on 11-12-2018 

After the agreement was reached, rapporteur Angelika Niebler (EPP, DE) said: “This important success will enable the EU to keep up with security risks in the digital world for years to come. The agreement is a cornerstone for Europe to become a global player in cyber security. Consumers, as well as the industry, need to be able to trust in IT-solutions."

New European cybersecurity certification for connected technological devices


Parliament and Council negotiators agreed to introduce the first EU-wide cybersecurity certification scheme to ensure that cybersecurity standards are met by products and services sold in EU countries.


Consumers will be better informed, thanks to the introduction of information on cybersecurity for certified products and services. As requested by Parliament, manufacturers shall provide detailed information including guidance on installation, the period for security support including information for security updates.


The deal underlines the particular importance of certifying critical infrastructure, including energy grids, water, energy supplies and banking systems.


Companies will no longer have to pay for separate tests in every member state where they sell their products. In addition, for some of the certificates needed to ensure a minimum level of cybersecurity, companies will be able to certify their own products themselves, to avoid time-consuming and expensive tests in private labs.

The Commission shall assess by 2023 if any particular schemes should be made mandatory.

Better governance of certification schemes


As requested by the Parliament, a Union rolling work programme will be part of the governance of the cybersecurity certification schemes, making future initiatives more predictable, inclusive and transparent for industry. In addition, the creation of a stakeholders’ certification group will ensure their involvement in setting the strategic priorities on future certification requirements.

 More power to EU cybersecurity agency

 The EU’s cybersecurity agency ENISA will be reinforced, as Parliament wanted, to help improve cybersecurity within the European Union. Among the new tasks, ENISA will run the security drill to prepare the EU for a crisis response to major cyberattacks.

 Next steps


The deal will now be put to the Industry, Research and Energy Committee and plenary for approval, as well as the Council. The regulation will enter into force 20 days after its publication in the Official Journal.

Retrieved from http://www.europarl.europa.eu/news/en/press-room/20181210IPR21431/cybersecurity-agreement-reached-on-better-protection-for-citizens-and-companies

Archivio news

 

News dello studio

mar21

21/03/2024

Correttivo al Codice delle Comunicazioni Elettroniche

Il 20 marzo 2024, il Consiglio dei Ministri ha approvato, in esame definitivo, le disposizioni correttive al decreto legislativo 8 novembre 2021, n. 207, di attuazione della direttiva (UE)

mar20

20/03/2024

Telemarketing

Attuazione del Codice di Condotta con l' accreditamento dell'organismo di monitoraggio da parte del Grante privacy. Con l’accreditamento dell’Organismo di monitoraggio (OdM) si completa

mar19

19/03/2024

GARANTE PER LA PROTEZIONE DEI DATI PERSONALI COMUNICATO Avviso pubblico di avvio della consultazione sul termine di conservazione dei metadati generati e raccolti automaticamente dai protocolli di trasmissione e smistamento della posta el

Il Garante per la protezione dei dati personali, con provvedimento del 22 febbraio 2024, n. 127, pubblicato sul sito web istituzionale (www.garanteprivacy.it), ha deliberato l'avvio di una procedura

News Giuridiche