EU proposes new bloc-wide cyber security regulations
The Computer Emergency Response Team for the EU institutions, bodies, offices, and agencies (CERT-EU) will be renamed as the ‘Cybersecurity Centre'
The Cybersecurity Regulation will extend the mandate of the Computer Emergency Response Team - which will be renamed to 'Cybersecurity Centre' - to EU institutions, bodies, offices, and agencies.
For simplicity, the Cybersecurity Centre will retain its widely-used ‘CERT-EU' acronym.
The proposed regulation will also see the creation of a new inter-institutional cyber security board that will be responsible for steering CERT-EU as well as driving and monitoring the implementation of the newly-proposed regulation.
Under the Cybersecurity Regulation, all EU institutions, bodies, offices, and agencies will be required to have cyber security frameworks for governance, risk management, and control, conduct regular assessments, implement plans for improvement, as well as notify CERT-EU of any incidents “without undue delay”.
In addition to the Cybersecurity Regulation, the European Commission has also proposed an Information Security Regulation that aims to modernise the EU’s infosec policies by taking into account the recent advances in digital transformation and remote work.
The Information Security Regulation will see the creation of an inter-institutional Information Security Coordination Group that will foster cooperation across all EU institutions, bodies, offices and agencies, as well as establish a common approach to information categorisation based on the level of confidentiality.
Introducing the zero trust edge model for security and network services
Get a better understanding of emerging zero trust solutionsFree Download
Commenting on the proposal, the EU’s Budget and Administration commissioner Johannes Hahn said that in a “connected environment” such as the EU, “a single cyber security incident can affect an entire organisation”.
“This is why it is critical to build a strong shield against cyber threats and incidents that could disturb our capacity to act,” he added.
Hahn described the newly-proposed regulations as “a milestone in the EU cybersecurity and information security landscape”, adding that they were “based on reinforced cooperation and mutual support among EU institutions, bodies, offices and agencies and on a coordinated preparedness and response”.
“This is a real EU collective endeavour,” he said.
The news comes almost one year after the European Commission, alongside other EU institutions, fell victim to a "significant" cyber attack.
The state of Salesforce: Future of business
Three articles that look forward into the changing state of Salesforce and the future of businessFree Download
The mighty struggle to migrate SAP to the cloud may be over
A simplified and unified approach to delivering Enterprise Transformation in the cloudFree Download
The business value of the transformative mainframe
Modernising on the mainframeFree Download
The Total Economic Impact™ Of IBM FlashSystem
Cost savings and business benefits enabled by FlashSystemFree Download