Activities of Fabienne KELLER related to 2022/0085(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union
Amendments (7)
Amendment 21 #
Proposal for a regulation
Recital 22
Recital 22
(22) All personal data processed under this Regulation should be processed in accordance with Union data protection legislation including Rregulation (EU) 2018/1725 of the European Parliament and of the Council.7 The CERT-EU and IICB should work in close cooperation with the EDPS and staff specialised in data protection in the Union institutions, bodies and agencies to ensure the full compliance with Union data protection legislation. _________________ 7 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
Amendment 37 #
Proposal for a regulation
Article 18 – paragraph 2
Article 18 – paragraph 2
2. The provisions of Regulation (EC) No 1049/2001 of the European Parliament and the Council9 shall apply with regard to requests for public access to documents held by CERT-EU, including the obligation under that Regulation to consult other Union institutions, bodies and agencies, or a Member State, whenever a request concerns their documents. _________________ 9 Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).
Amendment 44 #
Proposal for a regulation
Article 19 – paragraph 1
Article 19 – paragraph 1
1. To enable CERT-EU to coordinate vulnerability management and incident response, it may request Union institutions, bodies and agencies to provide it with information from their respective IT system inventories that is relevant for the CERT-EU support, including any changes in their IT environment. The requested institution, body or agency shall transmit the requested information, and any subsequent updates thereto, without undue delay.
Amendment 46 #
Proposal for a regulation
Article 19 – paragraph 3
Article 19 – paragraph 3
3. CERT-EU may only exchange incident-specific information which reveals the identity of the Union institution, body or agency affected by the incident with the consent of that entity, except where such exchange is essential to prevent an imminent cybersecurity-incident affecting other Union institution, body or agency. CERT-EU may only exchange incident- specific information which reveals the identity of the target of the cybersecurity incident with the consent of the entity affected by the incident, except where such exchange is essential to prevent an imminent cybersecurity-incident affecting other Union institution, body or agency.
Amendment 50 #
Proposal for a regulation
Article 19 – paragraph 4
Article 19 – paragraph 4
4. The sharing obligations shall not extend to EU Classified Information (EUCI) and to information that a Union institution, body or agency has received from a Member State Security or Intelligence Service or law enforcement agency under the explicit condition that it will not be shared with CERT-EU, unless they decide otherwise at a later stage.
Amendment 52 #
Proposal for a regulation
Article 20 – paragraph 5
Article 20 – paragraph 5
5. The notification obligations shall not extend to EUCI and to information that a Union institution, body or agency has received from a Member State Security or Intelligence Service or law enforcement agency under the explicit condition that it will not be shared with CERT-EU, unless they decide otherwise at a later stage.
Amendment 54 #
Proposal for a regulation
Article 21 – paragraph 4
Article 21 – paragraph 4
4. The IICB shall issue guidance on incident response coordination and cooperation for significant incidents. Where the criminal nature of an incident is suspected, CERT-EU shall advise on how to comply with their obligation to report the incident to competent law enforcement authorities.