The decision came late in the evening of Wednesday 9 December: the ambassadors of the Member States to the EU chose Bucharest to host the headquarters of the future Cybersecurity Competence Centre.
The Romanian capital won against Brussels, Munich, Vilnius, Luxembourg, Warsaw and León (Spain), the other six candidate cities. Brussels was in the lead in the first round of voting, with eight votes. Bucharest amassed 6, Vilnius 5, Luxembourg 3, Warsaw and Leon 2 and Munich 1. It was therefore played out in the second round of voting between Brussels and Bucharest, with the former receiving 12 votes and the latter 15.
According to the candidature file, three buildings are likely to house the future centre: Villa Rosetti, Nordului 94W and H Victoriei 109. All three will be available as soon as the Regulation establishing the Centre is adopted and will be able to accommodate a team of 60 people who will benefit - in addition to the traditional advantages - from a “promotional package of medical services” for them and their families.
But what really tipped the balance in Romania’s favour was the fact that the country currently hosts no EU agencies or bodies, which has led many “new Member States” to support its candidacy.
Trilogues on the Competence Centre
At this stage, however, the Competence Centre is still the subject of intense negotiations between the European Parliament, the EU Council and the Commission (see EUROPE 12615/12).
A fourth - and most certainly last - negotiating meeting is scheduled for Friday 11 December. The aim of the new Regulation is to improve the coordination of cybersecurity research and innovation in the EU.
The main stumbling blocks on this issue are: – the issue of financial contributions from Member States, which the EU27 are keen to keep voluntary; – the possibility of a right of veto for the European Commission in the Governing Board; – and the necessity of an advisory board, which is opposed by the Council of the EU (see EUROPE 12537/14, 12095/18, 12437/4).
Other Cybersecurity Initiatives
The EU is working hard to prevent and counter the ever-increasing number of cyber-attacks, as evidenced by the one launched the day before against the European Medicines Agency (see separate news item).
On Thursday 10 December, the European Agency for Cybersecurity (ENISA) published new guidelines to help European telecoms security authorities implement the security requirements of the European Electronic Communications Code (ECCC) and the EU 5G toolkit.
This is an update of the ENISA Technical Directive 2014 on security measures under Article 13a of the EU Telecoms Framework Directive through 29 high-level security objectives listed under eight security domains. The section on 5G suggests 70 control measures.
In addition, on Wednesday 16 December, the European Commission will present a package of measures which will be structured around a Communication on a cybersecurity strategy, a revision of the Directive on the Security of Networks and Information Systems (2016/1148) and a Directive on the Resilience of Critical Entities (see EUROPE 12595/27). (Original version in French by Sophie Petitjean)