Cybersecurity act


The so-called Cybersecurity Act consists of two parts. The first part is dedicated to the EU Cybersecurity Agency, ENISA. The European Commission proposed to give ENISA a permanent mandate to replace its limited mandate that would have expired in 2020. ENISA was also given more responsibilities as well as resources to enable the agency to fulfil its goals. The second part of the proposal establishes a certification framework concerning rules for certification of electronic devices and introducing three “risk levels” for IT devices.

Pavel Telička was a Shadow Rapporteur for this file. He introduced number of amendments to the text focusing on keeping the certification framework simple and voluntary, in order to avoid potentially high costs for small businesses. He advocated for a strong mandate and clear role for ENISA to support cooperation among all member states and EU institutions, as cyberattacks are not limited by physical boarders. Pavel Telička has also contributed to the certification framework by introducing a new provision giving a guidance on which products should have a priority in certification. For instance, a medical device connected to the internet should have priority over a fridge that can be controlled with your phone.

The Cybersecurity Act is a first step towards an EU-wide cybersecurity network and more secure IT devices. A single certification will remove potential market-entry barriersand clear certification framework will motivate industries to apply certification on voluntary basis. This means that consumers will be able to pick certified device and receive adequate information about “safety level” of that device. Overall, the Cybersecurity Act will contribute to better protecting EU citizens from increasing cyber-security threats. The text must now be formally approved by the European Parliament and the Member States.

Share this