EU proposes new bloc-wide cyber security regulations

Flag of European Union with lock symbol
(Image credit: Getty Images)

The European Commission (EC) has proposed new bloc-wide cyber security and information security regulations that will aim to protect the EU’s public administration from rising cyber threats.

The Cybersecurity Regulation will extend the mandate of the Computer Emergency Response Team - which will be renamed to 'Cybersecurity Centre' - to EU institutions, bodies, offices, and agencies.

For simplicity, the Cybersecurity Centre will retain its widely-used ‘CERT-EU' acronym.

The proposed regulation will also see the creation of a new inter-institutional cyber security board that will be responsible for steering CERT-EU as well as driving and monitoring the implementation of the newly-proposed regulation.

Under the Cybersecurity Regulation, all EU institutions, bodies, offices, and agencies will be required to have cyber security frameworks for governance, risk management, and control, conduct regular assessments, implement plans for improvement, as well as notify CERT-EU of any incidents “without undue delay”.

In addition to the Cybersecurity Regulation, the European Commission has also proposed an Information Security Regulation that aims to modernise the EU’s infosec policies by taking into account the recent advances in digital transformation and remote work.

The Information Security Regulation will see the creation of an inter-institutional Information Security Coordination Group that will foster cooperation across all EU institutions, bodies, offices and agencies, as well as establish a common approach to information categorisation based on the level of confidentiality.


Introducing the zero trust edge model for security and network services

Get a better understanding of emerging zero trust solutions


Commenting on the proposal, the EU’s Budget and Administration commissioner Johannes Hahn said that in a “connected environment” such as the EU, “a single cyber security incident can affect an entire organisation”.

“This is why it is critical to build a strong shield against cyber threats and incidents that could disturb our capacity to act,” he added.

Hahn described the newly-proposed regulations as “a milestone in the EU cybersecurity and information security landscape”, adding that they were “based on reinforced cooperation and mutual support among EU institutions, bodies, offices and agencies and on a coordinated preparedness and response”.

“This is a real EU collective endeavour,” he said.

The news comes almost one year after the European Commission, alongside other EU institutions, fell victim to a "significant" cyber attack.

Sabina Weston

Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.

Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.