28 June 2019
Brussels – ECSO welcomes the entry into force of the European Cybersecurity Act which sets the new mandate of ENISA, the EU Agency for Cybersecurity and establishes the European cybersecurity certification framework.
With this Act, ENISA, the EU Agency for Cybersecurity, will take on a permanent mandate including increased responsibilities and resources. In parallel, and as the first example of its kind, the European cybersecurity certification framework establishes the governance and rules for EU-wide certification of ICT products, processes and services.
Following the establishment of the Public-Private Partnership on cybersecurity in 2016, ECSO was encouraged by the European Commission to contribute to the discussions and the preparatory work of a European cybersecurity certification framework. ECSO has been working on increasing the understanding of needs, requirements and challenges in terms of standardisation and certification. With the publication of its Meta-Scheme Approach for European cybersecurity certification and the State-of-the-Art (SOTA) Syllabus of certification schemes and standards, ECSO has ensured important steps towards structuring the public-private landscape, enhancing trust by defining transparent rules, and identifying relevant gaps to foster harmonisation in Europe.
“Our Public-Private Partnership is tailored to help reduce the impact of cybersecurity attacks and improve the resilience of an increasingly digitalised society and industry. ECSO is an early supporter of the development and use of trusted European solutions across the European supply chain and the various sectors. With the Cybersecurity Act entering into force, Europe has armed itself with a fully-fledged European Agency for Cybersecurity and the very first EU-wide certification framework, setting important building blocks for a stronger European approach on cybersecurity in terms of capacity building and competitiveness of the market” – said Luigi Rebuffi, Secretary General of ECSO.
ECSO will continue to build the European cybersecurity community and facilitate the dialogue between the public and private sectors around key topics, including guidelines and the best practices for the assessment and evaluation of items to be certified and criteria to be considered for deciding the fit-for-purpose type of assessment (soon to be published), which supports the establishment of a harmonised definition of cybersecurity certification schemes.
ECSO is currently working on use cases to demonstrate its Meta-Scheme Approach in practice, as well as collaborating with the European Commission’s Joint Research Centre (JRC) and other stakeholders to define common good practices and requirements. Recognising the importance of certification for developing a strong European cybersecurity market, ECSO has also signed Memorandums of Understanding (MoUs) with the European Standards Organisations, CEN/CENELEC and ETSI, and is looking forward to continuing its collaboration and dialogue with ENISA on supporting the implementation of the EU Cybersecurity Act.
The official text of the EU Cybersecurity Act: https://eur-lex.europa.eu/eli/reg/2019/881/oj
#EUCyberAct at a glance: https://ec.europa.eu/digital-single-market/en/news/eu-cybersecurity-act-glance
The European Cyber Security Organisation (ECSO) ASBL is a fully self-financed non-for-profit organisation under the Belgian law, established in June 2016. ECSO represents the contractual counterpart to the European Commission for the implementation of the Cyber Security contractual Public- Private Partnership (cPPP). ECSO members include a wide variety of stakeholders such as large companies, SMEs and start-ups, research centres, universities, clusters and association as well as European Member State’s local, regional and national administrations, the European Free Trade Association (EFTA) and H2020 associated countries.