European Union: EU Cybersecurity Act Gets The Green Light!

On 7 June 2019, Regulation (EU) 2019/881 on ENISA (the European Union Agency for Network and Information Security) and on information and communications technology cybersecurity certification, also known as the Cybersecurity Act, was given the final go-ahead and published in the Official Journal of the European Union. The Cybersecurity Act will come into force on 27 June 2019.

As highlighted in our previous blog on the Cybersecurity Act, cyberattacks are becoming more and more sophisticated and most often occur across borders. There is a growing need for effective and coordinated responses and crisis management at the EU level. The Cybersecurity Act aims to build a safer cyber environment through an EU-wide framework for businesses to achieve cybersecurity certification for their information and communications technology (ICT) products, processes and services.

ENISA will assume the key role of supervising and advancing cooperation and information sharing across EU member states, EU institutions and international organisations.

The past two years have seen cybersecurity turning into a high priority on the Brussels agenda. The Cybersecurity Act forms part of a set of measures across the board intended to promote more robust cybersecurity within the EU by establishing the first EU-wide cybersecurity certification framework across a broad range of products (e.g. the Internet of Things) and services.

The Cybersecurity Act works alongside both:

• the EU General Data Protection Regulation, which requires security measures to be implemented when processing personal data; and
• the EU Network and Information Security Directive (NIS Directive), which aims to protect critical national infrastructure.

While the NIS Directive applies only to operators of essential services and digital service providers, the Cybersecurity Act encourages all businesses to invest more in cybersecurity and to build it into their ICT devices. Ultimately, the collective framework of legislation is designed to counteract cyberattacks and to raise consumers' and industry players' trust in ICT solutions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.