Mon. Jul 15th, 2024

Brussels, 26 June 2023

MEPs and the Swedish Presidency of the Council have reached an agreement on plans to strengthen the European Union’s institutions, bodies and agencies against cyber threats, on Monday.

The regulation will enable a unified approach for cybersecurity across all Union entities. All EU institutions and bodies will have to establish strong cybersecurity standards, with a governance, risk management and control framework.

The agreement will establish the Interinstitutional Cybersecurity Board (IICB), which will ensure a coordinated approach across the Union. This board will be responsible for monitoring the implementation of the regulation and will provide strategic direction.

The EU’s existing Computer Emergency Response Team (CERT-EU) will be developed into a Cybersecurity Service for the Union institutions, bodies, offices and agencies. It will provide guidance, recommendations, and information about cyber vulnerabilities, incidents and attacks.

Quote

Lead MEP Henna Virkkunen (EPP, FI) said: “We are for the first time creating common rules for EU institutions, bodies and agencies on cybersecurity preparedness. EU has a number of different entities, ranging from large institutions to smaller agencies. When it comes to cybersecurity, we are only as strong as our weakest link”.

“The digital development, rapid growth of teleworking and the outsourcing of ICT services have contributed to the need to ensure a high level of cybersecurity in all instances. Strengthening cybersecurity concerns all sectors, including the EU administration. We must be prepared for the constantly evolving cyber threat environment. This requires sufficient technical capabilities, competence and resources, which the new Regulation will strengthen” she added.

Next steps

The informal agreement will now have to be endorsed by both Parliament and Council in order to become law. The Industry, Research and Energy committee will vote on the text in a forthcoming meeting.

Background

A European Parliament study highlights that the digital transformation is making the EU institutions and administration more vulnerable to cyber-threats and incidents. Their number has surged dramatically in recent years: there were as many incidents during the first half of 2021 as in the whole of 2020, for instance. Yet an analysis of 20 Union institutions, bodies and agencies showed that their governance, preparedness, cybersecurity capability and maturity vary substantially, weakening the system. This proposal for a regulation would establish a common framework to ensure that similar cybersecurity rules and measures are applied within all Union institutions, bodies, offices and agencies, to improve their resilience and incident-response capacities and rapidly improve the existing situation.

Forward to your friends