Cybersecurity, new EU regulation for institutional security launched


(Finance) – The new regulation establishing measures for a high common level of cybersecurity in the institutions, bodies, offices and agencies of the Union entered into force yesterday, 7 January 2024. The regulation sets out measures for establishing an internal cybersecurity risk management, governance and control framework in each Union entity, and creates a new Interinstitutional Committee for Cybersecurity (IICB) to monitor and support its implementation by Union entities. It provides for an expanded mandate of the Cyber Emergency Response Team for the EU institutions, bodies, offices and agencies (CERT-EU) as a hub for threat intelligence, information exchange and incident response coordination, a central advisory body and a service provider. In line with its mandate, CERT-EU is renamed the Cybersecurity Service of the Union institutions, bodies, offices and agencies, but retains the abbreviated name “CERT-EU”.

In line with the timetable set out in the Regulation, Union entities will establish internal cybersecurity governance processes and progressively implement the specific cybersecurity risk management measures provided for in the Regulation. The IICB will be established and become operational as soon as possible, with the aim of ensuring the strategic orientation of CERT-EU within its extended mandate, providing guidance and support to Union actors and monitoring the implementation of the Regulation.

In its resolution of March 2021, the Council of the European Union underlined the importance of a robust and coherent security framework to protect EU personnel, data, communications networks, information systems and decision-making processes. In this context, the Commission announced the proposed regulation on cybersecurity in March 2022 and the European Parliament and the Council reached a political agreement in June 2023.

“As cyber threats are becoming more pervasive and cyber attackers are more sophisticated, achieving a common high level of cybersecurity across all Union entities is key to ensuring an open, efficient, secure and resilient EU public administration,” declared Johannes Hahn, Commissioner for Budget and Administration. “The regulation strengthens the cybersecurity of Union entities and aligns the EU administration with rules imposed on Member States, such as the Directive on high common levels of cybersecurity across the Union, also known as NIS 2. The rapid adoption of the regulation demonstrates the EU’s commitment to achieving these objectives. I now call on the co-legislators to quickly start negotiations on the parallel regulation on information security.”
