BETA

Activities of Marc BOTENGA related to 2022/0085(COD)

Shadow reports (1)

REPORT on the proposal for a regulation of the European Parliament and of the Council laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union
2023/03/10
Committee: ITRE
Dossiers: 2022/0085(COD)
Documents: PDF(454 KB) DOC(183 KB)
Authors: [{'name': 'Henna VIRKKUNEN', 'mepid': 124726}]

Amendments (7)

Amendment 103 #
Proposal for a regulation
Recital 8
(8) In order to avoid imposing a disproportionate financial and administrative burden on Union institutions, bodies and agencies, the cybersecurity risk management requirements should be proportionate to the risk presented by the network and information system concerned, taking into account the state of the art of such measures. Each Union institution, body and agency should aim to allocate an adequate percentage of its IT budget to improve its level of cybersecurity; in the longer term a target in the order of 10% should be pursued, provided that the budget increase is essentially devoted to the employment of new qualified staff.
2022/10/28
Committee: ITRE
Amendment 121 #
Proposal for a regulation
Recital 19
(19) CERT-EU should also fulfil the role provided for it in Directive [proposal NIS 2] concerning cooperation and information exchange with the computer security incident response teams (CSIRTs) network. Moreover, in line with Commission Recommendation (EU) 2017/15844 , CERT-EU should cooperate and coordinate on the response with the relevant stakeholders. In order to contribute to a high level of cybersecurity across the Union, CERT-EU should share incident specific information with national counterparts. CERT-EU should also collaborate with other public as well as private counterparts, including at NATO, subject to prior approval by the IICB. _________________ 4 Commission Recommendation (EU) 2017/1584 of 13 September 2017 on coordinated response to large-scale cybersecurity incidents and crises (OJ L 239, 19.9.2017, p. 36).
2022/10/28
Committee: ITRE
Amendment 289 #
Proposal for a regulation
Article 12 – paragraph 7 a (new)
7 a. CERT-EU shall present, under appropriate confidentiality conditions, a yearly report of its activities to the European Parliament. This report shall include relevant and precise information about the major incidents and the way they were dealt with.
2022/10/28
Committee: ITRE
Amendment 318 #
Proposal for a regulation
Article 17 – paragraph 1
1. CERT-EU may cooperate with public non- Member State counterparts including industry sector-specific counterparts on tools and methods, such as techniques, tactics, procedures and best practices, and on cyber threats and vulnerabilities. For all cooperation with such counterparts, including in frameworks where non-EU counterparts cooperate with national counterparts of Member States, CERT-EU shall seek prior approval from the IICB.
2022/10/28
Committee: ITRE
Amendment 319 #
Proposal for a regulation
Article 17 – paragraph 2
2. CERT-EU may cooperate with other partners, such as commercial entities (including industry sector-specific entities) , international organisations, non- European Union national entities or individual experts, to gather information on general and specific cyber threats, vulnerabilities and possible countermeasures. For wider cooperation with such partners, CERT-EU shall seek prior approval from the IICB.
2022/10/28
Committee: ITRE
Amendment 321 #
Proposal for a regulation
Article 17 – paragraph 2 a (new)
2 a. In particular in its relations with commercial entities, the EU institutions will refrain themselves to trade zero day exploits. EU institutions must notify all exploits and weaknesses to the manufacturer of the software, or make them public in a responsible way;
2022/10/28
Committee: ITRE
Amendment 332 #
Proposal for a regulation
Article 19 – paragraph 3
3. CERT-EU may only exchange incident-specific information which reveals the identity of the Union institution, body or agency affected by the incident with the consent of that entity. CERT-EU may only exchange incident-specific information which reveals the identity of the target of the cybersecurity incident with the consent of the entity affected by the incident. In view of its scrutiny tasks, the European Parliament can request this information even without the consent of the institutions concerned.
2022/10/28
Committee: ITRE