The objective of the proposal is to bolster the resilience and response capacities of the EU entities against cyber threats and incidents


The EC has proposed a Cybersecurity Regulation and an Information Security Regulation. (Credit: Dimitris Vetsikas from Pixabay)

The European Commission (EC) has proposed new rules for defining common measures for cybersecurity and information security across institutions, bodies, agencies, and offices of the European Union (EU).

According to the Commission, the objective of its proposal is to strengthen the resilience and response capacities of the EU entities against cyber threats and incidents. The measures are also aimed at ensuring that the EU public administration is resilient and secure amid increasing malicious cyber activity around the world.

The EC has proposed a Cybersecurity Regulation and an Information Security Regulation. By establishing common priorities and frameworks, the new rules will bolster inter-institutional cooperation, reduce exposure to risk and further strengthen the security culture in the EU.

European Commissioner for Budget and Administration Johannes Hahn said: “In a connected environment, a single cybersecurity incident can affect an entire organisation. This is why it is critical to build a strong shield against cyber threats and incidents that could disturb our capacity to act.

“The regulations we are proposing today are a milestone in the EU cybersecurity and information security landscape. They are based on reinforced cooperation and mutual support among EU institutions, bodies, offices and agencies and on a coordinated preparedness and response.”

The Cybersecurity Regulation is proposed to implement a framework for risk management, governance, and regulation in the cybersecurity area. The move will result in the formation of a new inter-institutional cybersecurity board, strengthened cybersecurity capabilities, regular maturity assessments, and improved cyber-hygiene.

In addition, the regulation will extend the mandate of the Computer Emergency Response Team for the EU institutions, bodies, agencies, and offices (CERT-EU). Following this, CERT-EU will be an information exchange, threat intelligence, and incident response coordination hub, a central advisory body, as well as a service provider.

The EC said that the Information Security Regulation will come with a minimum set of information security rules and standards for all EU institutions, offices, bodies, and agencies. These will ensure improved and consistent protection against the evolving threats to their information, said the Commission.

Last month, the EC proposed new rules under the EU Data Act that determine who can use and access the data generated across all economic sectors.