15 Amendments of Krišjānis KARIŅŠ related to 2017/0225(COD)
Amendment 93 #
Proposal for a regulation
Recital 2
Recital 2
(2) The use of network and information systems by citizens, businesses and governments across the Union is now pervasive. Digitisation and connectivity are becoming core features in an ever growing number of products and services and with the advent of the Internet of Things (IoT) millions, if not billions, of connected digital devices are expected to be deployed across the EU during the next decade. While an increasing number of devices are connected to the Internet, security and resilience are not sufficiently built in by design, leading to insufficient cybersecurity. In this context, the limited use of certification leads to insufficient information for organisational and individual users about the cybersecurity features of ICT products, processes and services, undermining trust in digital solutions. This ambition is at the heart of the European Commission’s reform agenda to achieve a digital single market as ICT networks provide the backbone for digital products and services which have the potential to support all aspects of our lives and drive Europe’s economic growth. To ensure that the objectives of the digital single market are fully achieved the essential technology building blocks on which important areas such as eHealth, IoT, Artificial Intelligence, Quantum technology as well as intelligent transport system and advanced manufacturing rely must be in place.
Amendment 107 #
Proposal for a regulation
Recital 7
Recital 7
(7) The Union has already taken important steps to ensure cybersecurity and increase trust in digital technologies. In 2013, an EU Cybersecurity Strategy was adopted to guide the Union's policy response to cybersecurity threats and risks. In its effort to better protect Europeans online, in 2016 the Union adopted the first legislative act in the area of cybersecurity, the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (the "NIS Directive"). The NIS Directive fulfills the digital single market strategy and together with other instruments, such as the Directive establishing the European Electronic Communications Code, Regulation (EU) 2016/679 and Directive 2002/58/EC, puts in place requirements concerning national capabilities in the area of cybersecurity, established the first mechanisms to enhance strategic and operational cooperation between Member States, and introduced obligations concerning security measures and incident notifications across sectors which are vital for economy and society such as energy, transport, water, banking, financial market infrastructures, healthcare, digital infrastructure as well as key digital service providers (search engines, cloud computing services and online marketplaces). A key role was attributed to ENISA in supporting implementation of this Directive. In addition, effective fight against cybercrime is an important priority in the European Agenda on Security, contributing to the overall aim of achieving a high level of cybersecurity.
Amendment 114 #
Proposal for a regulation
Recital 14
Recital 14
(14) The underlying task of the Agency is to promote the consistent implementation of the relevant legal framework, in particular the effective implementation of the NIS Directive, the Directive establishing the European Electronic Communications Code, Regulation (EU) 2016/679 and Directive 2002/58/EC, which is essential in order to increase cyber resilience. In view of the fast evolving cybersecurity threat landscape, it is clear that Member States must be supported by more comprehensive, cross-policy approach to building cyber resilience.
Amendment 122 #
Proposal for a regulation
Recital 26
Recital 26
(26) To understand better the challenges in the field of cybersecurity, and with a view to providing strategic long term advice to Member States and Union institutions, the Agency needs to analyse current and emerging risks, incidents, threats and vulnerabilities. For that purpose, the Agency should, in cooperation with Member States and, as appropriate, with statistical bodies and others, collect relevant information and perform analyses of emerging technologies and provide topic-specific assessments on expected societal, legal, economic and regulatory impacts of technological innovations on network and information security, in particular cybersecurity. The Agency should furthermore support Member States and Union institutions, agencies and bodies in identifying emerging trends and preventing problems related to cybersecurity, by performing analyses of threats and, incidents and vulnerabilities.
Amendment 140 #
Proposal for a regulation
Recital 35
Recital 35
(35) The Agency should encourage Member States and service providers to raise their general security standards so that all internet users can take the necessary steps to ensure their own personal cybersecurity. In particular, service providers and product manufacturers should withdraw or recycle products and services that do not meet cybersecurity standards. In cooperation with competent authorities, ENISA may disseminate information regarding the level of cybersecurity of the products and services offered in the internal market, and issue warnings targeting providers and manufacturers and requiring them to improve the security, including cybersecurity, of their products and services. The Agency should work together with stakeholders towards developing a EU-wide approach to responsible vulnerabilities disclosure and should promote best practices in this area.
Amendment 274 #
Proposal for a regulation
Article 5 – paragraph 1 – point 2
Article 5 – paragraph 1 – point 2
2. assisting Member States to implement consistently the Union policy and law regarding cybersecurity notably in relation to Directive (EU) 2016/1148, Directive establishing the European Electronic Communications Code, Regulation (EU) 2016/679 and Directive 2002/58/EC, including by means of opinions, guidelines, advice and best practices on topics such as risk management, incident reporting and information sharing, as well as facilitating the exchange of best practices between competent authorities in this regard;
Amendment 324 #
Proposal for a regulation
Article 8 – paragraph 1 – point a – point 1
Article 8 – paragraph 1 – point a – point 1
(1) preparing candidate European cybersecurity certification schemes for ICT products, processes and services in cooperation with the certification stakeholder working group is accordance with Article 44.2 of this Regulation;
Amendment 380 #
Proposal for a regulation
Article 20 – paragraph 1
Article 20 – paragraph 1
1. The Management Board, acting on a proposal by the Executive Director, shall, in a transparent manner, set up a Permanent Stakeholders’ Group composed of recognised experts representing the relevant stakeholders, such as the ICT industry, providers of electronic communications networks or services available to the public, consumer groups, standardisation organisations, academic experts in the cybersecurity, and representatives of competent authorities notified under [Directive establishing the European Electronic Communications Code] as well as of law enforcement and data protection supervisory authorities.
Amendment 388 #
Proposal for a regulation
Article 20 – paragraph 4 a (new)
Article 20 – paragraph 4 a (new)
4 a. The Permanent Stakeholders' Group will provide regular updates on its planning throughout the year and set out the objectives in its work programme which shall be published every six months to ensure transparency;
Amendment 414 #
Proposal for a regulation
Article 44 – paragraph 1
Article 44 – paragraph 1
1. Following a request from the Commission, ENISA shall prepare a candidate European cybersecurity certification scheme which meets the requirements set out in Articles 45, 46 and 47 of this Regulation. Member States or the European Cybersecurity Certification Group (the 'Group') established under Article 53 or other industry interested stakeholders may propose the preparation of a candidate European cybersecurity certification scheme to the Commission.
Amendment 433 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. ENISA shall transmit without delay the candidate European cybersecurity certification scheme prepared in accordance with paragraph 2 of this Article to the Commission.
Amendment 437 #
Proposal for a regulation
Article 44 – paragraph 4
Article 44 – paragraph 4
4. The Commission, based on the candidate scheme proposed by ENISA, may adopt implementing acts, in accordance with Article 55(1), providing for European cybersecurity certification schemes for ICT products, processes and services meeting the requirements of Articles 45, 46 and 47 of this Regulation.
Amendment 446 #
Proposal for a regulation
Article 45 – paragraph 1 – introductory part
Article 45 – paragraph 1 – introductory part
A European cybersecurity certification scheme shall be so designed to take into account, as applicable, the following security objectives to ensure the availability, integrity and confidentiality of services:
Amendment 569 #
Proposal for a regulation
Article 48 – paragraph 5
Article 48 – paragraph 5
5. The natural or legal person which submits its ICT products, processes or services to the certification mechanism shall provide the conformity assessment body referred to in Article 51 with all information necessary to conduct the certification procedure.
Amendment 579 #
Proposal for a regulation
Article 49 – paragraph 1
Article 49 – paragraph 1
1. Without prejudice to paragraph 3, national cybersecurity certification schemes and the related procedures for the ICT products, processes and services covered by a European cybersecurity certification scheme shall cease to produce effects from the date established in the implementing act adopted pursuant Article 44(4). Existing national cybersecurity certification schemes and the related procedures for the ICT products, processes and services not covered by a European cybersecurity certification scheme shall continue to exist. Maintenance processes with minor updates shall not invalidate the certification.