20 Amendments of Jiří POSPÍŠIL related to 2017/0225(COD)
Amendment 53 #
Proposal for a regulation
Recital 1
Recital 1
(1) Network and information systems and telecommunications networks and services play a vital role for society and have become the backbone of economic growth. Information and communications technology (ICT) underpins the complex systems which support everyday societal activities, keep our economies running in key sectors such as health, energy, finance and transport, and in particular support the functioning of the internal market.
Amendment 80 #
Proposal for a regulation
Recital 44
Recital 44
Amendment 81 #
Proposal for a regulation
Recital 46
Recital 46
(46) In order to guarantee the full autonomy and independence of the Agency and to enable it to perform additional and new tasks, including unforeseen emergency tasks, the Agency should be granted a sufficient and autonomous budget whose revenue comes primarily from a contribution from the Union and contributions from third countries participating in the Agency’s work. The majority of the Agency staff should be directly engaged in the operational implementation of the Agency’s mandate. The host Member State, or any other Member State, should be allowed to make voluntary contributions to the revenue of the Agency. The Union’s budgetary procedure should remain applicable as far as any subsidies chargeable to the general budget of the Union are concerned. Moreover, the Court of Auditors should audit the Agency’s accounts to ensure transparency and, accountability, efficiency and the effectiveness of the expenditure.
Amendment 111 #
Proposal for a regulation
Recital 57
Recital 57
(57) Recourse to European cybersecurity certification should remain voluntary, unless otherwise provided in Union or national legislation. However, with a view to achieving the objectives of this Regulation and avoiding the fragmentation of the internal market, national cybersecurity certification schemes or procedures for the ICT products and services covered by a European cybersecurity certification scheme should cease to produce effects from the date established by the Commission by means of the implementing act. Moreover, Member States should not introduce new national certification schemes providing cybersecurity certification schemes for ICT products and services already covered by an existing European cybersecurity certification scheme, with the exception of cases pertaining to the processing of classified information, national security and related public procurement procedures. This should apply as from a date set by the Commission by means of an implementing act, which should give Member States sufficient time for a smooth and seamless transition to the new certification scheme. Moreover, Member States should not introduce new national certification schemes providing cybersecurity certification schemes for ICT products and services already covered by an existing European cybersecurity certification scheme. The proposed certification scheme should therefore be sufficiently flexible and adaptable to keep up with rapidly evolving technology, should be compatible with international standards and should not create barriers to innovation, so that it can bring real benefits to Member States and not cause them difficulties.
Amendment 127 #
Proposal for a regulation
Recital 66
Recital 66
(66) The Agency’s operations should be evaluated independently. The evaluation should havinclude the rlegard toitimacy and effectiveness of the Aagency ’s expenditure, its efficiency in reachieving its objectives,targets and a description of its working practices and the relevance of its tasks. The evaluation should also assess the impact, effectiveness and efficiency of the European cybersecurity certification framework.
Amendment 143 #
Proposal for a regulation
Article 2 – paragraph 1 – point 16 a (new)
Article 2 – paragraph 1 – point 16 a (new)
(16a) ‘self-declaration of conformity’ means the statement by the manufacturer that attests their ICT product or service conforms with the specified European cybersecurity certification schemes.
Amendment 192 #
Proposal for a regulation
Article 9 – paragraph 1 – point d
Article 9 – paragraph 1 – point d
Amendment 204 #
Proposal for a regulation
Article 14 – paragraph 1 – point e
Article 14 – paragraph 1 – point e
e) assess and adopt the consolidated annual report on the Agency’s activities and send both the report and its assessment by 1 July of the following year, to the European Parliament, the Council, the Commission and the Court of Auditors. The annual report shall include the accounts and, describe how the Agencythe effectiveness of the expenditure and assess how efficient the Agency has been and to what extend it has met its performance indicators. The annual report shall be made public;
Amendment 206 #
Proposal for a regulation
Article 14 – paragraph 1 – point o
Article 14 – paragraph 1 – point o
o) take all decisions on the establishment of the Agency's internal structures and, where necessary, their modification, taking into consideration the Agency's activity needs, as listed in this regulation, and having regard to sound budgetary management;
Amendment 273 #
Proposal for a regulation
Article 45 – paragraph 1 – point g
Article 45 – paragraph 1 – point g
g) ensure that ICT products and services are provided with up to date software that does not contain known vulnerabilities or defects, and are provided mechanisms for secure software updates.
Amendment 285 #
Proposal for a regulation
Article 46 – paragraph 1
Article 46 – paragraph 1
Amendment 287 #
Proposal for a regulation
Article 46 – paragraph 1 a (new)
Article 46 – paragraph 1 a (new)
1a. A European cybersecurity certification scheme shall specify whether self-declaration of conformity is permissible or third party assessment strictly required.
Amendment 329 #
Proposal for a regulation
Article 47 – paragraph 1 – point c a (new)
Article 47 – paragraph 1 – point c a (new)
(ca) the applicable conformity assessment procedure and/or self- declaration of conformity
Amendment 346 #
Proposal for a regulation
Article 47 – paragraph 1 – point j
Article 47 – paragraph 1 – point j
j) rules concerning how previously undetected cybersecurity vulnerabilities or defects in ICT products and services are to be reported and dealt with;
Amendment 377 #
Proposal for a regulation
Article 48 – paragraph 3
Article 48 – paragraph 3
3. A European cybersecurity certificate pursuant to this Article shall be issued either by self-declaration of conformity or by the conformity assessment bodies referred to in Article 51 on the basis of criteria included in the European cybersecurity certification scheme, adopted pursuant to Article 44.
Amendment 393 #
Proposal for a regulation
Article 49 – paragraph 1
Article 49 – paragraph 1
1. Without prejudice to paragraph 3, national cybersecurity certification schemes and the related procedures for the ICT products and services covered by a European cybersecurity certification scheme shall cease to produce effects from the date established in the implementing act adopted pursuant Article 44(4). Existing, with the exception of cases involving the processing of classified information, national cybersecurity certification schemes and, or public supply contracts pertaining the related procedures for the ICT products and services not covered by a European cybersecurity certification scheme shall continue to existto, shall cease to produce effects from the date established in the implementing act adopted pursuant Article 44(4).
Amendment 409 #
Proposal for a regulation
Article 50 – paragraph 6 – point a
Article 50 – paragraph 6 – point a
(a) monitor and enforce the application of the provisions under this Title at national level and supervise and verify the compliance of the self-declarations of conformity and the cybersecurity certificates that have been issued by conformity assessment bodies established in their respective territories with the requirements set out in this Title and in the corresponding European cybersecurity certification scheme in accordance with the rules adopted by the European Cybersecurity Certification Group pursuant to Article 53(3)(ba);
Amendment 411 #
Proposal for a regulation
Article 50 – paragraph 6 – point b
Article 50 – paragraph 6 – point b
(b) monitor and, supervise and assess the activities of conformity assessment bodies for the purpose of this Regulation, including in relation to the notification of conformity assessment bodies and the related tasks set out in Article 52 of this Regulation;
Amendment 415 #
Proposal for a regulation
Article 50 – paragraph 6 – point c
Article 50 – paragraph 6 – point c
(c) handle complaints lodged by natural or legal persons in relation to certificates issued by self-declaration and by conformity assessment bodies established in their territories, investigate, to the extent appropriate, the subject matter of the complaint, and inform the complainant of the progress and the outcome of the investigation within a reasonable time period;
Amendment 429 #
Proposal for a regulation
Article 51 – paragraph 2 a (new)
Article 51 – paragraph 2 a (new)
2a. Where manufacturers opt for ‘self- declaration of conformity’ as established in Article 48(3) of this Regulation, conformity assessment bodies will take additional steps to verify the internal procedures undertaken by the manufacturer to ensure that their products and/or services conform with the requirements of the European cybersecurity certification scheme.