Activities of Axel VOSS related to 2017/0225(COD)
Legal basis opinions (0)
Amendments (6)
Amendment 24 #
Proposal for a regulation
Recital 3
Recital 3
(3) Increased digitisation and connectivity lead to increased cybersecurity risks, thus making society at large more vulnerable to cyber threats and exacerbating dangers faced by individuals, including vulnerable persons such as children. Moreover, the increasingly frequent conduct of malicious cyber operations by third-country actors, both non-state actors and governments, threatens to disrupt democratic processes and to destabilize democratic societies across Europe. In order to mitigate thisese risks to society, all necessary actions need to be taken to improve cybersecurity in the EU to better protect network and information systems, telecommunication networks, digital products, services and devices used by citizens, governments and business – from SMEs to operators of critical infrastructures – from cyber threats.
Amendment 30 #
Proposal for a regulation
Recital 5
Recital 5
(5) In light of the increased cybersecurity challenges faced by the Union, there is a need for a comprehensive set of measures that would build on previous Union action and foster mutually reinforcing objectives. These include the need to further increase capabilities and preparedness of Member States and businesses, as well as to improve cooperation and coordination across Member States and EU institutions, agencies and bodies. Furthermore, given the borderless nature of cyber threats, there is a need to increase capabilities at Union level that could complement the action of Member States, in particular in the case of large scale cross-border cyber incidents and crises. Additional efforts are also needed to increase awareness of citizens and businesses on cybersecurity issues. Moreover, the trust in the digital single market should be further improved by offering transparent information on the level of privacy and security of ICT products and services. This can be facilitated by EU- wide certification providing common cybersecurity requirements and evaluation criteria across national markets and sectors can contribute to this objective. However, voluntary measures implemented by the private sector, inter alia by IoT operators and service providers, should also be encouraged.
Amendment 54 #
Proposal for a regulation
Recital 55
Recital 55
(55) The purpose of European cybersecurity certification schemes should be to ensure that ICT products and services certified under such a scheme comply with specified requirements. Such requirements concern the ability to resist, at a given level of assurance, actions that aim to compromise the availability, authenticity, integrity and confidentiality of stored or transmitted or processed data or the related functions of or services offered by, or accessible via those products, processes, services and systems within the meaning of this Regulation. It is not possible to set out in detail in this Regulation the cybersecurity requirements relating to all ICT products and services. ICT products and services and related cybersecurity needs are so diverse, as is their lifecycle, that it is very difficult to come up with general cybersecurity requirements valid across the board. It is, therefore necessary to adopt a broad and general notion of cybersecurity for the purpose of certification, complemented by a set of specific cybersecurity objectives that need to be taken into account when designing European cybersecurity certification schemes. The modalities with which such objectives will be achieved in specific ICT products and services should then be further specified in detail at the level of the individual certification scheme adopted by the Commission, for example by reference to standards or technical specifications in close consultation with the Member States and industrial stakeholders, for example by reference to standards or technical specifications. The individual certification schemes should be designed in such a way that all actors involved in the development of relevant IT products and services are encouraged to develop and adopt standards, norms and principles which ensure the highest possible level of security throughout the lifecycle.
Amendment 71 #
Proposal for a regulation
Article 4 – paragraph 6
Article 4 – paragraph 6
6. The Agency shall promote the use of certification, including by contributing to the development of European and international standards on cybersecurity, the establishment and maintenance of a cybersecurity certification framework at Union level in accordance with Title III of this Regulation, with a view to increasing transparency of cybersecurity assurance of ICT products and services and thus strengthen trust in the digital internal market.
Amendment 84 #
Proposal for a regulation
Article 8 – paragraph 1 – point a – point 1
Article 8 – paragraph 1 – point a – point 1
(1) preparing candidate European cybersecurity certification schemes for ICT products and services in cooperation with industry in accordance with Article 44 of this Regulation;
Amendment 101 #
Proposal for a regulation
Article 44 – paragraph 1
Article 44 – paragraph 1
1. Following a request from the Commission, ENISA shall prepare a candidate European cybersecurity certification scheme which meets the requirements set out in Articles 45, 46 and 47 of this Regulation. Member States or, the European Cybersecurity Certification Group (the ‘Group’) established under Article 53, or industry representatives may propose the preparation of a candidate European cybersecurity certification scheme to the Commission.