On Friday 14 July, the European Commission launched a public consultation to assess whether the European Union Agency for Cybersecurity (ENISA) is fulfilling its mandate, objectives and tasks. This consultation should also make it possible to examine whether a change to ENISA’s mandate is necessary and to quantify the potential financial consequences that this would entail.
The Commission, tasked with assessing ENISA’s performance, intends first of all to review organisational structure and working practices, including the adequacy of human resources and staff allocation. It would also like to find out the extent to which ENISA has become a centre of expertise within the cybersecurity community.
The consultation also covers the effects and effectiveness of the provisions of the European Cybersecurity Certification Framework and the role played by ENISA in supporting and promoting the development and implementation of cybersecurity certification schemes. On this point, the assessment should focus in part on any gaps or shortcomings in the framework.
The consultation, which closes on 16 September, also looks at ENISA’s relationships with the Commission and the relevant EU institutions and bodies.
The conclusions will be published no later than 28 June 2024. They should include an assessment of stakeholders’ needs and of ENISA’s flexibility and readiness to “tackle upcoming issues and take up new responsibilities in response to the evolving cyber threat and regulatory landscapes”.
To see the consultation, go to https://aeur.eu/f/83r (Original version in French by Thomas Mangin)