15 Amendments of Mylène TROSZCZYNSKI related to 2017/0225(COD)
Amendment 76 #
Proposal for a regulation
Recital 41
Recital 41
(41) In order for the Agency to function properly and effectively, the Commission and the Member States should ensure that persons to be appointed to the Management Board have appropriate professional expertise and experience in functional areas. The Commission and the Member States should also make efforts to limit the turnover of their respective Representatives on the Management Board in order to ensure continuity in its work.
Amendment 78 #
Proposal for a regulation
Recital 42
Recital 42
(42) The smooth functioning of the Agency requires that its Executive Director be appointed on grounds of merit and documented administrative and managerial skills, as well as competence and experience relevant for cybersecurity, and that the duties of the Executive Director be carried out with complete independence. The Executive Director should prepare a proposal for the Agency’s work programme, after prior consultation with the Commission, and take all necessary steps to ensure the proper execution of the work programme of the Agency. The Executive Director should prepare an annual report to be submitted to the Management Board, draw up a draft statement of estimates of revenue and expenditure for the Agency, and implement the budget. Furthermore, the Executive Director should have the option of setting up ad hoc Working Groups to address specific matters, in particular of a scientific, technical, legal or socioeconomic nature. The Executive Director should ensure that the ad hoc Working Groups’ members are selected according to the highest standards of expertise, taking due account of a representative balance, as appropriate according to the specific issues in question, between the public administrations of the Member States, the Union institutions and the private sector, including industry, users, and academic experts in network and information security.
Amendment 95 #
(53) The Commission should be empowered to adoptMember States will notify the Commission of their decisions on European cybersecurity certification schemes concerning specific groups of ICT products and services. These schemes should be implemented and supervised by national certification supervisory authorities and certificates issued within these schemes should be valid and recognised throughout the Union. Certification schemes operated by the industry or other private organisations should fall outside the scope of the Regulation. However, the bodies operating such schemes may propose to the Commission to consider such schemes as a basis for approving them as a European scheme.
Amendment 107 #
Proposal for a regulation
Recital 56
Recital 56
(56) The Commission should be empowered to request ENISA to prepare candidate schemes for specific ICT products or services. The Commission, based on the candidate scheme proposed by ENISA, shwould then be empowered to adopt the European cybersecurity certification scheme by means of implementing acts only after obtaining Member States’ consent. Taking account of the general purpose and security objectives identified in this Regulation, European cybersecurity certification schemes adopted by the Commission should specify a minimum set of elements concerning the subject-matter, the scope and functioning of the individual scheme. These should include among others the scope and object of the cybersecurity certification, including the categories of ICT products and services covered, the detailed specification of the cybersecurity requirements, for example by reference to standards or technical specifications, the specific evaluation criteria and evaluation methods, as well as the intended level of assurance: basic, substantial and/or high.
Amendment 228 #
Proposal for a regulation
Article 44 – paragraph 1
Article 44 – paragraph 1
1. Following a request from the Commission, ENISAMember States or the European Cybersecurity Certification Group (the 'Group') shall prepare a candidate European cybersecurity certification scheme which meets the requirements laid down by Member States that are set out in Articles 45, 46 and 47 of this Regulation. Member States or the European Cybersecurity Certification Group (the 'Group') established under Article 53 may propose the preparation of a candidate European cybersecurity certification scheme to the Commission.
Amendment 242 #
Proposal for a regulation
Article 44 – paragraph 2
Article 44 – paragraph 2
2. When preparing candidate schemes referred to in paragraph 1 of this Article, ENISA shall consult all relevant stakeholders and closely cooperate with the Group. The Group shall provide ENISA with the assistance and expert advice required by ENISA in relation to the preparation of the candidate scheme, including by providing opinions where necessary.
Amendment 244 #
Proposal for a regulation
Article 44 – paragraph 2 a (new)
Article 44 – paragraph 2 a (new)
2a. The certification framework shall benefit from the expertise of Member States with a major track record as regards these strategic issues, with the backing of industries that have acquired significant experience in the area.
Amendment 249 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. ENISA shall transmit the candidate European cybersecurity certification scheme preparedultimately adopted by Member States in accordance with paragraph 2 of this Article to the Commission.
Amendment 253 #
Proposal for a regulation
Article 44 – paragraph 4
Article 44 – paragraph 4
4. The Commission, based on the candidate scheme proposed by ENISA, mayertification scheme transmitted by ENISA and adopted by Member States, may then adopt implementing acts, in accordance with Article 55(1), providing for European cybersecurity certification schemes for ICT products and services meeting the requirements of Articles 45, 46 and 47 of this Regulation.
Amendment 396 #
Proposal for a regulation
Article 49 – paragraph 1 a (new)
Article 49 – paragraph 1 a (new)
1a. The national authorities responsible for cybersecurity certification may be in a position to issue high-level certificates;
Amendment 397 #
Proposal for a regulation
Article 49 – paragraph 2
Article 49 – paragraph 2
Amendment 406 #
Proposal for a regulation
Article 49 – paragraph 3 a (new)
Article 49 – paragraph 3 a (new)
3a. The Member States remain free to set additional certification requirements where they enable strategic content or activities that fall entirely under their sovereign powers to be secured.
Amendment 426 #
Proposal for a regulation
Article 51 – paragraph 1
Article 51 – paragraph 1
1. The conformity assessment bodies shall be accredited by the national accreditation body named pursuant to Regulation (EC) No 765/2008 only when they meet the requirements set out in the Annex to this Regulation.;
Amendment 436 #
Proposal for a regulation
Article 53 – paragraph 3 – point d
Article 53 – paragraph 3 – point d
(d) to adopt opinrecommendations addressed to the Commission relating to the maintenance and review of existing European cybersecurity certifications schemes;
Amendment 439 #
Proposal for a regulation
Article 53 – paragraph 4
Article 53 – paragraph 4