13 March 2019 | By Michael Thaidigsmann
EU Cybersecurity Act clears final parliamentary hurdle
The European Parliament has adopted proposals for a new EU cybersecurity certification scheme for products, processes and services.
By a large majority in favour, MEPs adopted the EU Cybersecurity Act, which establishes the first EU-wide certification scheme to ensure that certified products, processes and services sold in EU countries meet cybersecurity standards. They also urge the Commission to task the new EU Cybersecurity Agency (ENISA) to work on a certification scheme ensuring that the rollout of 5G networks meets the highest security standards.
Cybersecurity deals with safeguarding IT and computer systems with the purpose of bringing companies and organisations to better protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, unauthorised access and other external attacks. Cybersecurity measures include firewalls, anti-virus software, intrusion detection and prevention systems, encryption, and login passwords.
One-stop shop for companies
The EU Cybersecurity Act, which has already been informally agreed with member states, underlines the importance of certifying critical infrastructure, including energy grids, water, energy supplies and banking systems in addition to products, processes and services.
By 2023, the Commission will assess whether any of the new voluntary schemes should be made mandatory. The new regulation also provides for a permanent mandate and more resources for ENISA.
The measures are designed to offer businesses a one-stop portal to certify that their products meet the necessary standards and will replace the more cumbersome approval process in individual member states. The expressed hope is that businesses will invest more in cybersecurity.
The Council of the EU, representing the member states, still has to formally approve the legislation. The regulation will enter into force 20 days after it is published in the EU’s Official Journal.
Parliament’s rapporteur Angelika Niebler on the issue, German MEP Angelika Niebler, declared: “The legislation is a cornerstone for Europe to become a global player in cyber security. Consumers, as well as the industry, need to be able to trust in IT-solutions.”
The new regulation complements the 2016 Directive on security of network and information systems, which is already in force.