The European Parliament, the Council and the European Commission have reached a political agreement on the Cybersecurity Act. Constructing an EU framework for cyber-security certification, the Act reinforces the mandate of the European Union Agency for Network and Information and Security (”ENISA”) in order to better support Member States with handling cybersecurity threats and attacks.
The Act comprises an internal market law that takes up the challenge of enhancing the security of connected products, IOT devices, and critical infrastructure. The Act establishes a framework for European Cybersecurity Certificates for products, processes and services that will be valid in the EU.
Andrus Ansip, Vice President of the Digital Single Market commented:

“In the digital environment, people as well as companies need to feel secure; it is the only way for them to take full advantage of Europe’s digital economy. Trust and security are fundamental for our Digital Single Market to work properly. This evening’s agreement on comprehensive certification for cyber-security products and a stronger EU Cybersecurity Agency is another step on the path to its completion.”

Mariya Gabriel, Commissioner of the Digital Economy and Society stated:

“Enhancing Europe’s cyber-security, and increasing the trust of citizens and businesses in the digital society is a top priority for the European Union. Major incidents such as Wannacry and NotPetya have acted as wake-up calls, because they dearly showed the potential consequences of large-scale cyber-attacks. In this perspective, I strongly believe that tonight’s deal both improves our Union’s overall security and supports business competitiveness.”

The Cybersecurity Act was proposed as part of the Cybersecurity package that was adopted on 13 September 2017.