The Commission is expected to present, on 14 January, the revision of the EU Cybersecurity Regulation.

The Cybersecurity Regulation, adopted in 2019, granted permanent status to the European Union Agency for Cybersecurity (ENISA) and created a European Cybersecurity Certification Framework (ECCF).

The Regulation extended ENISA’s mandate to enable it to respond to the EU’s cybersecurity needs. However, over the five years since the adoption of this legislative act, the cybersecurity landscape has evolved significantly, both in terms of complexity and in the number of attacks.

In addition, following the adoption of the Regulation, several other legislative acts have been adopted, leading to an evolution of ENISA’s tasks in order to allow it to address the growing cybersecurity challenges in an unstable geopolitical context and to better support EU stakeholders active in this field, both within and beyond the EU’s borders.

The Commission therefore considers it necessary to revise the Regulation in order to adapt the Agency’s mandate to developments in its role and tasks.

Accordingly, the overall objective of the revision is to streamline cybersecurity measures, strengthen cyber resilience and achieve a high common level of cybersecurity across the EU, while at the same time contributing to the Commission’s simplification agenda.

According to the Commission, the initiative is expected to have positive long-term economic impacts. Streamlining tasks and simplifying reporting obligations will help to reduce the administrative burden on companies. Improving the efficiency and effectiveness of the ECCF should also have positive effects on the Single Market, contributing to greater harmonisation and higher levels of cybersecurity and cyber resilience.

Our team remains available to provide further information.