The Cybersecurity Act, negotiated for 2 years by the European Parliament and the EU Council, enters into force on Thursday 27 June. This Regulation establishes the very first EU rules for the cybersecurity certification of products, processes and services. It also strengthens the mandate of the European Union Agency for Network and Information Security (ENISA).
"This is an important day and an important message: in less than 2 years, we have been able to combine speed with quality", commented Digital Economy and Society Commissioner Mariya Gabriel, describing the regulation as the "cornerstone" of the Commission's measures to strengthen the EU's defence capabilities in cyberspace.
The main innovation is the introduction of an EU Cybersecurity certification framework allowing companies wishing to participate to obtain an EU-wide certificate attesting to the safety of their product. Three levels of insurance, proportionate to the level of risk associated with use, are provided: basic, substantial, high.
When asked about the timetable, several sources at the Commission indicated that a call for expressions of interest to form the Stakeholder Cybersecurity Certification Group - (SCCG) would be launched on 27 June. The areas potentially covered by the new framework could be cloud computing, the Internet of Things or 5G. The regulation provides for the publication of a first rolling work programme by 28 June 2020. Regulation: https://bit.ly/2YciCzz. (Original version in French by Sophie Petitjean)