The Commission welcomes the political agreement reached between the European Parliament and the Council of the EU on the Regulation proposed by the Commission laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union. Negotiations have now concluded, paving the way for final approval of the legal text by the European Parliament and the Council.
The Commission announced the proposal for the Cybersecurity Regulation in March 2022. This Regulation will put in place a framework for governance, risk management and control across EU entities in cybersecurity, with a new inter-institutional Cybersecurity Board to monitor its implementation. It will also extend the mandate of the Computer Emergency Response Team for the EU institutions, bodies, offices and agencies (CERT-EU), as a threat intelligence, information exchange and incident response coordination hub, a central advisory body, and a service provider. CERT-EU will be renamed to 'Cybersecurity Service for the Union institutions, bodies, offices and agencies' to reflect its new mandate while keeping the short name CERT-EU for recognition purposes.
The key elements of the proposal for all EU institutions, bodies, offices and agencies are the following:
- Have a framework for governance, risk management and control in the area of cybersecurity;
- Conduct regular maturity assessments;
- Implement cybersecurity measures addressing the identified risks;
- Put in place a plan for improving their cybersecurity;
