EU cybersecurity law
Cybersecurity to be reinforced in Europe
The European Parliament, the Council and the Commission reached an agreement last December to reinforce the European position on cybersecurity through the regulation proposed in 2017, which will be reflected mainly in the organisation and activity of the European Network and Information Security Agency (ENISA).
In addition to the reconfiguration of ENISA’s objectives, the regulation focuses on the design of a European certification framework in order to ensure a minimum level of cybersecurity for union products and services related to information technology and communication, which makes it the first law that regulates the safety of products connected at the domestic market level and is expected to allow for consumers to have more confidence. A single certification will also remove potential market-entry barriers and be more cost effective.
The following functions are envisaged for ENISA:
-To be a centre of expertise in cybersecurity that acts independently and provides technical and scientific assistance with transparency.
-Assist the European institutions and Member States in the development of cybersecurity policies and the acquisition of competencies in the field, in addition to promoting cooperation between them.
-Develop a framework for certification and encourage the use of it.
-Raise awareness in citizens and businesses about the importance of cybersecurity.
Among the aims of encouraging cooperation between Member States is the fight against fraud and counterfeiting of electronic means of payment, for which it is planned to establish a broad scope of criminal offences and general rules for their penalisation. In addition to facilitating cross-border access to electronic evidence and giving special importance to the role of encryption.