E.Council approves conclusions for a stronger EU agency for cybersecurity
At the initiative of the Hungarian presidency, today the Council approved conclusions on the EU agency for cybersecurity (ENISA).
ENISA has proven to be an invaluable entity in the European cybersecurity ecosystem over the past two decades and the text of the conclusions encapsulates member states’ experiences and expectations regarding the agency. This is particularly important considering the ongoing evaluation of the cybersecurity act (CSA) and its possible revision. The conclusions therefore contain a series of recommendations and suggestions on behalf of the Council.
The importance of ENISA can hardly be underestimated in tackling cybersecurity threats, which have significantly increased in level, complexity, and scale these last years. This comprehensive set of conclusions will help us build a robust and resilient digital space in Europe. Continuous cooperation, prioritisation of tasks and resources, as well as a simplification of the complex cyber landscape will be key elements to cope with current and future challenges.
Zoltán Kovács, Hungarian minister of state for international communication and relations
Key messages
The Council conclusions acknowledge that the expansion of ENISA’s important role is the result of recent legislative initiatives, such as the cyber resilience act (CRA) or the revised network and information systems (NIS 2) directive, which have entrusted the agency with additional tasks. Its key role was also boosted by the growing scale and complexity of the cyber threats and challenges these last years. Therefore, the Council recommends that this increase in tasks should be reflected in adequate resources, without pre-empting the upcoming negotiation of the Multiannual Financial Framework. It is, however, equally important to prioritise actions and to have a sound cooperation with other actors in the cyber domain to avoid duplication of tasks.
The conclusions acknowledge ENISA’s support to member states when it comes to policy development and implementation. However, they also call for further improvements and action, notably regarding the development of European cybersecurity certification schemes, as well as the establishment of a single reporting platform.
The text of the conclusions also recognises ENISA’s important contribution in enhancing common situational awareness, as well as in developing a common response to large-scale cyber incidents or crises. Further cooperation with the European Commission, the European External Action Service (EEAS), the Computer Security Incident Response Teams (CSIRTs, groups of experts that assess, document, and respond to a cyber incident) network and the European cyber crisis liaison organisation network (EU-CyCLONe, a cooperation network for member states’ national authorities in charge of cybersecurity) is also emphasised in this respect.
Finally, the conclusions highlight the importance of ENISA’s cooperation with other actors in the cyber ecosystem, such as the cybersecurity service for EU institutions (CERT-EU), the European Cybersecurity Competence Centre and Europol, but also with international organisations and partners and with the private sector.