BETA


2023/0108(COD) Managed security services

Progress: Procedure completed, awaiting publication in Official Journal

RoleCommitteeRapporteurShadows
Lead ITRE CUTAJAR Josianne (icon: S&D S&D) TOŠENOVSKÝ Evžen (icon: ECR ECR)
Committee Opinion IMCO
Committee Opinion LIBE
Lead committee dossier:
Legal Basis:
T, r, e, a, t, y, , o, n, , t, h, e, , F, u, n, c, t, i, o, n, i, n, g, , o, f, , t, h, e, , E, U, , T, F, E, U, , 1, 1, 4

Events

2024/12/19
   Council of the EU - Draft final act
Documents
2024/12/02
   EP/CSL - Act adopted by Council after Parliament's 1st reading
2024/12/02
   CSL - Council Meeting
2024/08/08
   European Commission - Commission response to text adopted in plenary
Documents
2024/04/24
   EP - Decision by Parliament, 1st reading
Details

The European Parliament adopted by 53 votes to 5, with 33 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.

The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:

Subject matter

The proposed Regulation aims to enable the adoption of European cybersecurity certification schemes for managed security services. The definition of managed security services under this Regulation includes a non-exhaustive list of managed security services that could qualify for certification schemes, such as incident handling, penetration testing, security audits, and consulting related to technical support.

European certification schemes for managed security services should lead to the uptake of those services and to increased competition between providers offering managed security services. Without prejudice for the objective of ensuring sufficient and appropriate levels of relevant technical knowledge and professional integrity of such providers, certification schemes should, therefore, facilitate market entry and the offering of managed security services, by simplifying, to the extent possible, the potential regulatory, administrative and financial burden that providers, especially microenterprises or small and medium-sized enterprises (SMEs), could encounter when offering managed security services.

Additionally, in order to encourage the uptake of, and stimulate the demand for, managed security services, the schemes should contribute to the accessibility thereof, especially for smaller actors, such as microenterprises and SMEs, as well as local and regional authorities which have limited capacity and resources, but which are more prone to cybersecurity breaches with financial, legal, reputational, and operational implications.

The Union certification scheme for managed security services should contribute to the availability of secure and high-quality services which guarantee a safe digital transition and to the achievement of targets set up in the Digital Decade Policy Programme, especially with regard to the goal that 75% of Union undertakings start using Cloud, AI or Big Data, that more than 90% of microenterprises and SMEs reach at least a basic level of digital intensity and that key public services are offered online.

Preparation, adoption and review of a European cybersecurity certification scheme

Following a request from the Commission, ENISA will prepare a candidate scheme that meets the applicable requirements set out in the Regulation. Following a request from the European Cybersecurity Certification Group (ECCG) may prepare a candidate scheme that meets the applicable requirements. If ENISA rejects such a request, it will have to give reasons for its refusal. Any decision to reject such an application will be taken by the Management Board.

When preparing a candidate scheme, ENISA should consult all relevant stakeholders in a timely manner through a formal, open, transparent and inclusive consultation process. For each candidate scheme, ENISA should set up an ad hoc working group to provide specific advice and expertise. The ad hoc working groups set up for this purpose should include, where appropriate, experts from Member States' public administrations, EU institutions, bodies, offices and agencies and the private sector.

Information and consultation on the European cybersecurity certification schemes

The Commission should make the information on its request to ENISA to prepare a candidate scheme. During the preparation of a candidate scheme by ENISA, the European Parliament as well as the Council may request the Commission in its capacity as chair of the European Cybersecurity Certification Group (ECCG) and ENISA to present relevant information on a draft candidate scheme on a quarterly basis. Upon the request of the European Parliament or the Council, ENISA, in agreement with the Commission, may make available to the European Parliament and to the Council relevant parts of a draft candidate scheme in a manner appropriate to the confidentiality level required, and where appropriate in a restricted manner.

In order to enhance the dialogue between the Union institutions and to contribute to a formal, open, transparent and inclusive consultation process, the European Parliament as well as the Council may invite the Commission and ENISA to discuss matters concerning the functioning of European cybersecurity certification schemes for ICT products, ICT services, ICT processes or managed security services.

A new annex contains the requirements to be met by conformity assessment bodies wishing to be accredited.

In a statement , the Commission recalled that it is recognised that a thorough review of the Cybersecurity Regulation is of the utmost importance, including the evaluation of the procedures leading to the development, adoption and review of European cybersecurity certification schemes.

This review should be based on a deep analysis and broad consultation on the impact, effectiveness and efficiency of the functioning of the European cybersecurity certification framework. The analysis carried out as part of the evaluation established in Article 67 of the Cybersecurity Act should include on-going scheme development activities, such as the one concerning European cybersecurity certification scheme for cloud services (EUCS) as well as those of adopted schemes such as the one concerning the European Common Criteria-based cybersecurity certification scheme (EUCC).

Accordingly, the Commission, which is responsible for the review of the Cybersecurity Act, should ensure that the review takes into account as appropriate the necessary elements mentioned in light of Article 67 when presenting the review to the co-legislators.

Text adopted by Parliament, 1st reading/single reading

Documents
2024/04/24
   EP - Results of vote in Parliament
2024/03/21
   Council of the EU - Coreper letter confirming interinstitutional agreement
2024/03/20
   European Parliament - Text agreed during interinstitutional negotiations
Documents
2024/03/20
   EP - Approval in committee of the text agreed at 1st reading interinstitutional negotiations
2023/11/09
   EP - Committee decision to enter into interinstitutional negotiations confirmed by plenary (Rule 71)
2023/11/08
   EP - Committee decision to enter into interinstitutional negotiations announced in plenary (Rule 71)
2023/10/26
   EP - Committee report tabled for plenary, 1st reading
Details

The Committee on Industry, Research and Energy adopted the report by Josianne CUTAJAR (S&D, MT) on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.

The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:

Changes to the definition of managed security service

The report stated that managed security services, which are services consisting of carrying out, or providing assistance for, activities relating to their customers’ cybersecurity risk management, including detection, response to or recovery from incidents, have gained increasing importance in the prevention and mitigation of cybersecurity incidents. The activities of the providers of managed security services consist of services relating to prevention, identification, protection, detection, analysis, containment, response and recovery, including, but not limited to, cyber threat intelligence provision, real time threat monitoring through proactive techniques, including security-by-design, risk assessment, extended detection, remediation and response.

The Union rolling work programme for European cybersecurity certification

According to Members, the Union rolling work programme should include a list of ICT products, ICT services and ICT processes or categories thereof, and managed security services, that are capable of benefiting from being included in the scope of a European cybersecurity certification scheme. In that context, the Commission should include an in-depth assessment of existing training paths to bridge identified skills gaps and a list of proposals for addressing the needs for skilled employees and types of skills.

SMEs

Members considered that the Commission should ensure appropriate financial support in the regulatory framework of existing Union programmes, in particular in order to ease the financial burden on microenterprises and SMEs, including start-ups acting in the field of managed security services.

Evaluation and review

By 28 June 2024, and every three years thereafter, the Commission should assess the impact, effectiveness and efficiency of ENISA and of its working practices, the possible need to modify ENISA’s mandate and the financial implications of any such modification. The evaluation should assess: (i) the efficiency and effectiveness of the procedures leading to consultation, preparation and adoption of European cybersecurity certification schemes, as well as ways to improve and accelerate those procedures; (ii) whether essential cybersecurity requirements for access to the internal market are necessary in order to prevent ICT products, ICT services, ICT processes and managed security services which do not meet basic cybersecurity requirements from entering the Union market.

Committee report tabled for plenary, 1st reading/single reading

Documents
2023/10/25
   EP - Vote in committee, 1st reading
2023/10/25
   EP - Committee decision to open interinstitutional negotiations with report adopted in committee
2023/09/21
   European Parliament - Amendments tabled in committee
Documents
2023/09/21
   European Parliament - Specific opinion
Documents
2023/09/07
   European Parliament - Committee draft report
Documents
2023/08/01
   CZ_SENATE - Contribution
Documents
2023/07/20
   PT_PARLIAMENT - Contribution
Documents
2023/07/13
   Economic and Social Committee: opinion, report - ESC
Documents
2023/06/29
   CZ_CHAMBER - Contribution
Documents
2023/06/01
   EP - Committee referral announced in Parliament, 1st reading
2023/05/02
   EP - CUTAJAR Josianne (S&D) appointed as rapporteur in ITRE
2023/04/18
   European Commission - Legislative proposal
Details

PURPOSE: to create European cybersecurity certification schemes for managed security services.

PROPOSED ACT: Regulation of the European Parliament and of the Council.

ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.

BACKGROUND: Regulation (EU) 2019/881 of the European Parliament and of the Council on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification sets up a framework for the establishment of European cybersecurity certification schemes for the purpose of ensuring an adequate level of cybersecurity for ICT products, ICT services and ICT processes in the Union, as well as for the purpose of avoiding the fragmentation of the internal market with regard to cybersecurity certification schemes in the Union.

Managed security services , which are services consisting of carrying out, or providing assistance for, activities relating to their customers’ cybersecurity risk management, have gained increasing importance in the prevention and mitigation of cybersecurity incidents. Accordingly, the providers of those services are considered as essential or important entities belonging to a sector of high criticality pursuant to Directive (EU) 2022/2555 of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union.

Managed security service providers in areas such as incident response, penetration testing, security audits and consultancy, play a particularly important role in assisting entities in their efforts to prevent, detect, respond to or recover from incidents. They have however also themselves been the target of cyberattacks and pose a particular risk because of their close integration in the operations of their customers.

Some Member States have already begun adopting certification schemes for managed security services. There is therefore a growing risk of fragmentation of the internal market for managed security services owing to inconsistencies in cybersecurity certification schemes across the Union. This proposal aims to prevent such fragmentation.

CONTENT: the proposed targeted amendment to amend the scope of the European cybersecurity certification framework in the Cybersecurity Act aims to enable, by means of Commission implementing acts, the adoption of European cybersecurity certification schemes for ‘managed security services’ , in addition to information and technology (ICT) products, ICT services and ICT processes, which are already covered under the Cybersecurity Act.

The proposal also introduces a definition of those services, which is very closely aligned to the definition of ‘managed security services providers’ under the NIS 2 Directive (Article 2 of the Cybersecurity Act). It also adds new provisions on the security objectives of European cybersecurity certification adapted to ‘managed security services’.

Lastly, a number of technical amendments are made to ensure that the relevant articles apply also to ‘managed security services’.

Legislative proposal

2023/04/18
   EC - Legislative proposal published
Details

PURPOSE: to create European cybersecurity certification schemes for managed security services.

PROPOSED ACT: Regulation of the European Parliament and of the Council.

ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.

BACKGROUND: Regulation (EU) 2019/881 of the European Parliament and of the Council on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification sets up a framework for the establishment of European cybersecurity certification schemes for the purpose of ensuring an adequate level of cybersecurity for ICT products, ICT services and ICT processes in the Union, as well as for the purpose of avoiding the fragmentation of the internal market with regard to cybersecurity certification schemes in the Union.

Managed security services , which are services consisting of carrying out, or providing assistance for, activities relating to their customers’ cybersecurity risk management, have gained increasing importance in the prevention and mitigation of cybersecurity incidents. Accordingly, the providers of those services are considered as essential or important entities belonging to a sector of high criticality pursuant to Directive (EU) 2022/2555 of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union.

Managed security service providers in areas such as incident response, penetration testing, security audits and consultancy, play a particularly important role in assisting entities in their efforts to prevent, detect, respond to or recover from incidents. They have however also themselves been the target of cyberattacks and pose a particular risk because of their close integration in the operations of their customers.

Some Member States have already begun adopting certification schemes for managed security services. There is therefore a growing risk of fragmentation of the internal market for managed security services owing to inconsistencies in cybersecurity certification schemes across the Union. This proposal aims to prevent such fragmentation.

CONTENT: the proposed targeted amendment to amend the scope of the European cybersecurity certification framework in the Cybersecurity Act aims to enable, by means of Commission implementing acts, the adoption of European cybersecurity certification schemes for ‘managed security services’ , in addition to information and technology (ICT) products, ICT services and ICT processes, which are already covered under the Cybersecurity Act.

The proposal also introduces a definition of those services, which is very closely aligned to the definition of ‘managed security services providers’ under the NIS 2 Directive (Article 2 of the Cybersecurity Act). It also adds new provisions on the security objectives of European cybersecurity certification adapted to ‘managed security services’.

Lastly, a number of technical amendments are made to ensure that the relevant articles apply also to ‘managed security services’.

Legislative proposal

Documents

Votes

A9-0307/2023 – Josianne Cutajar – Provisional agreement – Am 2 #

2024/04/24 Outcome: +: 530, 0: 53, -: 5
DE FR IT ES PL NL SE RO CZ BE HU AT BG FI PT DK EL HR LT SK IE LV EE SI LU MT
Total
84
74
47
54
43
28
20
21
21
21
15
17
13
13
17
11
13
11
9
12
12
8
7
7
6
4
icon: PPE PPE
147

Hungary PPE

1

Denmark PPE

For (1)

1

Estonia PPE

For (1)

1

Slovenia PPE

3

Luxembourg PPE

2

Malta PPE

For (1)

1
icon: S&D S&D
112
6

Romania S&D

2

Czechia S&D

For (1)

1

Belgium S&D

2

Bulgaria S&D

2

Denmark S&D

2

Greece S&D

1

Lithuania S&D

2

Slovakia S&D

For (1)

1

Latvia S&D

2

Estonia S&D

2

Slovenia S&D

2

Luxembourg S&D

For (1)

1
icon: Renew Renew
93

Poland Renew

1
3

Hungary Renew

For (1)

1

Austria Renew

For (1)

1

Bulgaria Renew

2

Finland Renew

3

Greece Renew

1

Croatia Renew

For (1)

1

Ireland Renew

2

Latvia Renew

For (1)

1

Estonia Renew

3

Slovenia Renew

2

Luxembourg Renew

2
icon: Verts/ALE Verts/ALE
66

Italy Verts/ALE

2

Spain Verts/ALE

3

Poland Verts/ALE

For (1)

1

Netherlands Verts/ALE

3

Sweden Verts/ALE

3

Czechia Verts/ALE

3

Belgium Verts/ALE

3

Austria Verts/ALE

3

Finland Verts/ALE

3

Portugal Verts/ALE

1

Denmark Verts/ALE

For (1)

1

Lithuania Verts/ALE

2

Ireland Verts/ALE

2

Luxembourg Verts/ALE

For (1)

1
icon: ECR ECR
58

Germany ECR

1

France ECR

For (1)

1

Romania ECR

Abstain (1)

1

Bulgaria ECR

2

Finland ECR

1

Greece ECR

Abstain (1)

1

Croatia ECR

1

Lithuania ECR

1

Slovakia ECR

For (1)

1

Latvia ECR

For (1)

1
icon: ID ID
47

Czechia ID

Abstain (1)

1

Austria ID

Abstain (2)

2

Denmark ID

For (1)

1

Estonia ID

For (1)

1
icon: NI NI
34

Germany NI

For (1)

Abstain (1)

2

Spain NI

1

Netherlands NI

Against (1)

1

Romania NI

For (1)

1

Czechia NI

For (1)

1

Belgium NI

For (1)

1

Greece NI

Against (1)

3

Croatia NI

2

Latvia NI

Abstain (1)

1
icon: The Left The Left
31

Czechia The Left

Abstain (1)

1

Belgium The Left

Abstain (1)

1

Finland The Left

For (1)

1

Denmark The Left

1

Greece The Left

2

Ireland The Left

4
AmendmentsDossier
36 2023/0108(COD)
2023/09/21 ITRE 36 amendments...
source: 753.562

History

(these mark the time of scraping, not the official date of the change)

procedure/stage_reached
Old
Awaiting signature of act
New
Procedure completed, awaiting publication in Official Journal
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Industry, Research and Energy
committee
ITRE
rapporteur
name: CUTAJAR Josianne date: 2023-05-02T00:00:00 group: Progressive Alliance of Socialists and Democrats abbr: S&D
shadows
name: TOŠENOVSKÝ Evžen group: European Conservatives and Reformists Group abbr: ECR
committees/0
type
Responsible Committee
body
EP
committee_full
Industry, Research and Energy
committee
ITRE
associated
False
rapporteur
name: CUTAJAR Josianne date: 2023-05-02T00:00:00 group: Group of Progressive Alliance of Socialists and Democrats abbr: S&D
shadows
committees/1/rapporteur
  • name: CAVAZZINI Anna date: 2023-05-23T00:00:00 group: Group of the Greens/European Free Alliance abbr: Verts/ALE
council
  • body: CSL type: Council Meeting council: Employment, Social Policy, Health and Consumer Affairs meeting_id: 4064 url: https://www.consilium.europa.eu/en/meetings/calendar/?Category=meeting&Page=1&daterange=&dateFrom=2024-12-02&dateTo=2024-12-02 date: 2024-12-02T00:00:00
docs/0
date
2023-09-07T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/ITRE-PR-752802_EN.html title: PE752.802
type
Committee draft report
body
EP
docs/0
date
2023-07-13T00:00:00
docs
url: https://dmsearch.eesc.europa.eu/search/public?k=(documenttype:AC)(documentnumber:2408)(documentyear:2023)(documentlanguage:EN) title: CES2408/2023
type
Economic and Social Committee: opinion, report
body
ESC
docs/0/body
Old
EP
New
European Parliament
docs/1
date
2023-09-07T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/ITRE-PR-752802_EN.html title: PE752.802
type
Committee draft report
body
EP
docs/1
date
2023-09-21T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/ITRE-AM-753562_EN.html title: PE753.562
type
Amendments tabled in committee
body
EP
docs/1/body
Old
EP
New
European Parliament
docs/2
date
2023-09-21T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/ITRE-AM-753562_EN.html title: PE753.562
type
Amendments tabled in committee
body
EP
docs/2
date
2023-09-21T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/IMCO-AL-749983_EN.html title: PE749.983
committee
IMCO
type
Specific opinion
body
EP
docs/2/body
Old
EP
New
European Parliament
docs/3
date
2023-09-21T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/IMCO-AL-749983_EN.html title: PE749.983
committee
IMCO
type
Specific opinion
body
EP
docs/3
date
2024-03-20T00:00:00
docs
url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
type
Text agreed during interinstitutional negotiations
body
EP
docs/3/body
Old
EP
New
European Parliament
docs/4
date
2024-03-20T00:00:00
docs
url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
type
Text agreed during interinstitutional negotiations
body
EP
docs/4
date
2024-03-21T00:00:00
docs
title: GEDA/A/(2024)001687
type
Coreper letter confirming interinstitutional agreement
body
CSL
docs/4/body
Old
CSL
New
Council of the EU
docs/5
date
2024-03-21T00:00:00
docs
title: GEDA/A/(2024)001687
type
Coreper letter confirming interinstitutional agreement
body
CSL
docs/5
date
2024-12-19T00:00:00
docs
title: 00093/2024/LEX
type
Draft final act
body
Council of the EU
docs/6
date
2024-08-08T00:00:00
docs
url: https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
docs/6
date
2023-04-18T00:00:00
docs
summary
type
Legislative proposal
body
European Commission
docs/7
date
2024-08-08T00:00:00
docs
url: https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
docs/7/body
Old
EC
New
European Commission
docs/11
date
2023-07-13T00:00:00
docs
url: https://dmsearch.eesc.europa.eu/search/public?k=(documenttype:AC)(documentnumber:2408)(documentyear:2023)(documentlanguage:EN) title: CES2408/2023
type
ESC
body
Economic and Social Committee: opinion, report
events/0
date
2023-04-18T00:00:00
type
Legislative proposal published
body
EC
docs
summary
events/0
date
2023-04-18T00:00:00
type
Legislative proposal published
body
EC
docs
summary
events/4/summary/10
Committee report tabled for plenary, 1st reading/single reading
events/7/docs/1
title
GEDA/A/(2024)001687
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Decision by Parliament, 1st reading
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
summary
events/8/summary/17
Text adopted by Parliament, 1st reading/single reading
events/9
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/9
date
2024-04-24T00:00:00
type
Decision by Parliament, 1st reading
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
summary
events/9/docs/0/url
Old
https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en
New
https://oeil.secure.europarl.europa.eu/oeil/en/sda-vote-result?sdaId=60652
events/10
date
2024-12-02T00:00:00
type
Act adopted by Council after Parliament's 1st reading
body
EP/CSL
procedure/dossier_of_the_committee
Old
  • ITRE/9/11804
New
ITRE/9/11804
procedure/instrument/1
Amending Regulation 2019/881
procedure/instrument/1
Amending Regulation 2019/881 2017/0225(COD)
procedure/instrument/2
2017/0225(COD)
procedure/legal_basis
Old
  • Treaty on the Functioning of the EU TFEU 114
New
Treaty on the Functioning of the EU TFEU 114
procedure/stage_reached
Old
Awaiting Council's 1st reading position
New
Awaiting signature of act
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6/docs/0/url
Old
/oeil/spdoc.do?i=60652&j=0&l=en
New
nulldistribution/doc/SP-2024-394-TA-9-2024-0354_en.docx
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
docs/6
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60652&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
events/8
date
2024-04-24T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60652&l=en title: Results of vote in Parliament
procedure/Other legal basis
Old
Rules of Procedure EP 159
New
Rules of Procedure EP 165
procedure/Other legal basis
Old
Rules of Procedure EP 159
New
Rules of Procedure EP 165
procedure/Other legal basis
Old
Rules of Procedure EP 159
New
Rules of Procedure EP 165
procedure/Other legal basis
Old
Rules of Procedure EP 159
New
Rules of Procedure EP 165
procedure/Other legal basis
Old
Rules of Procedure EP 159
New
Rules of Procedure EP 165
procedure/Other legal basis
Old
Rules of Procedure EP 159
New
Rules of Procedure EP 165
docs/6
date
2024-04-24T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/8/summary
  • The European Parliament adopted by 53 votes to 5, with 33 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • The proposed Regulation aims to enable the adoption of European cybersecurity certification schemes for managed security services. The definition of managed security services under this Regulation includes a non-exhaustive list of managed security services that could qualify for certification schemes, such as incident handling, penetration testing, security audits, and consulting related to technical support.
  • European certification schemes for managed security services should lead to the uptake of those services and to increased competition between providers offering managed security services. Without prejudice for the objective of ensuring sufficient and appropriate levels of relevant technical knowledge and professional integrity of such providers, certification schemes should, therefore, facilitate market entry and the offering of managed security services, by simplifying, to the extent possible, the potential regulatory, administrative and financial burden that providers, especially microenterprises or small and medium-sized enterprises (SMEs), could encounter when offering managed security services.
  • Additionally, in order to encourage the uptake of, and stimulate the demand for, managed security services, the schemes should contribute to the accessibility thereof, especially for smaller actors, such as microenterprises and SMEs, as well as local and regional authorities which have limited capacity and resources, but which are more prone to cybersecurity breaches with financial, legal, reputational, and operational implications.
  • The Union certification scheme for managed security services should contribute to the availability of secure and high-quality services which guarantee a safe digital transition and to the achievement of targets set up in the Digital Decade Policy Programme, especially with regard to the goal that 75% of Union undertakings start using Cloud, AI or Big Data, that more than 90% of microenterprises and SMEs reach at least a basic level of digital intensity and that key public services are offered online.
  • Preparation, adoption and review of a European cybersecurity certification scheme
  • Following a request from the Commission, ENISA will prepare a candidate scheme that meets the applicable requirements set out in the Regulation. Following a request from the European Cybersecurity Certification Group (ECCG) may prepare a candidate scheme that meets the applicable requirements. If ENISA rejects such a request, it will have to give reasons for its refusal. Any decision to reject such an application will be taken by the Management Board.
  • When preparing a candidate scheme, ENISA should consult all relevant stakeholders in a timely manner through a formal, open, transparent and inclusive consultation process. For each candidate scheme, ENISA should set up an ad hoc working group to provide specific advice and expertise. The ad hoc working groups set up for this purpose should include, where appropriate, experts from Member States' public administrations, EU institutions, bodies, offices and agencies and the private sector.
  • Information and consultation on the European cybersecurity certification schemes
  • The Commission should make the information on its request to ENISA to prepare a candidate scheme. During the preparation of a candidate scheme by ENISA, the European Parliament as well as the Council may request the Commission in its capacity as chair of the European Cybersecurity Certification Group (ECCG) and ENISA to present relevant information on a draft candidate scheme on a quarterly basis. Upon the request of the European Parliament or the Council, ENISA, in agreement with the Commission, may make available to the European Parliament and to the Council relevant parts of a draft candidate scheme in a manner appropriate to the confidentiality level required, and where appropriate in a restricted manner.
  • In order to enhance the dialogue between the Union institutions and to contribute to a formal, open, transparent and inclusive consultation process, the European Parliament as well as the Council may invite the Commission and ENISA to discuss matters concerning the functioning of European cybersecurity certification schemes for ICT products, ICT services, ICT processes or managed security services.
  • A new annex contains the requirements to be met by conformity assessment bodies wishing to be accredited.
  • In a statement , the Commission recalled that it is recognised that a thorough review of the Cybersecurity Regulation is of the utmost importance, including the evaluation of the procedures leading to the development, adoption and review of European cybersecurity certification schemes.
  • This review should be based on a deep analysis and broad consultation on the impact, effectiveness and efficiency of the functioning of the European cybersecurity certification framework. The analysis carried out as part of the evaluation established in Article 67 of the Cybersecurity Act should include on-going scheme development activities, such as the one concerning European cybersecurity certification scheme for cloud services (EUCS) as well as those of adopted schemes such as the one concerning the European Common Criteria-based cybersecurity certification scheme (EUCC).
  • Accordingly, the Commission, which is responsible for the review of the Cybersecurity Act, should ensure that the review takes into account as appropriate the necessary elements mentioned in light of Article 67 when presenting the review to the co-legislators.
docs/6
date
2024-04-24T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/8/summary
  • The European Parliament adopted by 53 votes to 5, with 33 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • The proposed Regulation aims to enable the adoption of European cybersecurity certification schemes for managed security services. The definition of managed security services under this Regulation includes a non-exhaustive list of managed security services that could qualify for certification schemes, such as incident handling, penetration testing, security audits, and consulting related to technical support.
  • European certification schemes for managed security services should lead to the uptake of those services and to increased competition between providers offering managed security services. Without prejudice for the objective of ensuring sufficient and appropriate levels of relevant technical knowledge and professional integrity of such providers, certification schemes should, therefore, facilitate market entry and the offering of managed security services, by simplifying, to the extent possible, the potential regulatory, administrative and financial burden that providers, especially microenterprises or small and medium-sized enterprises (SMEs), could encounter when offering managed security services.
  • Additionally, in order to encourage the uptake of, and stimulate the demand for, managed security services, the schemes should contribute to the accessibility thereof, especially for smaller actors, such as microenterprises and SMEs, as well as local and regional authorities which have limited capacity and resources, but which are more prone to cybersecurity breaches with financial, legal, reputational, and operational implications.
  • The Union certification scheme for managed security services should contribute to the availability of secure and high-quality services which guarantee a safe digital transition and to the achievement of targets set up in the Digital Decade Policy Programme, especially with regard to the goal that 75% of Union undertakings start using Cloud, AI or Big Data, that more than 90% of microenterprises and SMEs reach at least a basic level of digital intensity and that key public services are offered online.
  • Preparation, adoption and review of a European cybersecurity certification scheme
  • Following a request from the Commission, ENISA will prepare a candidate scheme that meets the applicable requirements set out in the Regulation. Following a request from the European Cybersecurity Certification Group (ECCG) may prepare a candidate scheme that meets the applicable requirements. If ENISA rejects such a request, it will have to give reasons for its refusal. Any decision to reject such an application will be taken by the Management Board.
  • When preparing a candidate scheme, ENISA should consult all relevant stakeholders in a timely manner through a formal, open, transparent and inclusive consultation process. For each candidate scheme, ENISA should set up an ad hoc working group to provide specific advice and expertise. The ad hoc working groups set up for this purpose should include, where appropriate, experts from Member States' public administrations, EU institutions, bodies, offices and agencies and the private sector.
  • Information and consultation on the European cybersecurity certification schemes
  • The Commission should make the information on its request to ENISA to prepare a candidate scheme. During the preparation of a candidate scheme by ENISA, the European Parliament as well as the Council may request the Commission in its capacity as chair of the European Cybersecurity Certification Group (ECCG) and ENISA to present relevant information on a draft candidate scheme on a quarterly basis. Upon the request of the European Parliament or the Council, ENISA, in agreement with the Commission, may make available to the European Parliament and to the Council relevant parts of a draft candidate scheme in a manner appropriate to the confidentiality level required, and where appropriate in a restricted manner.
  • In order to enhance the dialogue between the Union institutions and to contribute to a formal, open, transparent and inclusive consultation process, the European Parliament as well as the Council may invite the Commission and ENISA to discuss matters concerning the functioning of European cybersecurity certification schemes for ICT products, ICT services, ICT processes or managed security services.
  • A new annex contains the requirements to be met by conformity assessment bodies wishing to be accredited.
  • In a statement , the Commission recalled that it is recognised that a thorough review of the Cybersecurity Regulation is of the utmost importance, including the evaluation of the procedures leading to the development, adoption and review of European cybersecurity certification schemes.
  • This review should be based on a deep analysis and broad consultation on the impact, effectiveness and efficiency of the functioning of the European cybersecurity certification framework. The analysis carried out as part of the evaluation established in Article 67 of the Cybersecurity Act should include on-going scheme development activities, such as the one concerning European cybersecurity certification scheme for cloud services (EUCS) as well as those of adopted schemes such as the one concerning the European Common Criteria-based cybersecurity certification scheme (EUCC).
  • Accordingly, the Commission, which is responsible for the review of the Cybersecurity Act, should ensure that the review takes into account as appropriate the necessary elements mentioned in light of Article 67 when presenting the review to the co-legislators.
docs/6
date
2024-04-24T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/8/summary
  • The European Parliament adopted by 53 votes to 5, with 33 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • The proposed Regulation aims to enable the adoption of European cybersecurity certification schemes for managed security services. The definition of managed security services under this Regulation includes a non-exhaustive list of managed security services that could qualify for certification schemes, such as incident handling, penetration testing, security audits, and consulting related to technical support.
  • European certification schemes for managed security services should lead to the uptake of those services and to increased competition between providers offering managed security services. Without prejudice for the objective of ensuring sufficient and appropriate levels of relevant technical knowledge and professional integrity of such providers, certification schemes should, therefore, facilitate market entry and the offering of managed security services, by simplifying, to the extent possible, the potential regulatory, administrative and financial burden that providers, especially microenterprises or small and medium-sized enterprises (SMEs), could encounter when offering managed security services.
  • Additionally, in order to encourage the uptake of, and stimulate the demand for, managed security services, the schemes should contribute to the accessibility thereof, especially for smaller actors, such as microenterprises and SMEs, as well as local and regional authorities which have limited capacity and resources, but which are more prone to cybersecurity breaches with financial, legal, reputational, and operational implications.
  • The Union certification scheme for managed security services should contribute to the availability of secure and high-quality services which guarantee a safe digital transition and to the achievement of targets set up in the Digital Decade Policy Programme, especially with regard to the goal that 75% of Union undertakings start using Cloud, AI or Big Data, that more than 90% of microenterprises and SMEs reach at least a basic level of digital intensity and that key public services are offered online.
  • Preparation, adoption and review of a European cybersecurity certification scheme
  • Following a request from the Commission, ENISA will prepare a candidate scheme that meets the applicable requirements set out in the Regulation. Following a request from the European Cybersecurity Certification Group (ECCG) may prepare a candidate scheme that meets the applicable requirements. If ENISA rejects such a request, it will have to give reasons for its refusal. Any decision to reject such an application will be taken by the Management Board.
  • When preparing a candidate scheme, ENISA should consult all relevant stakeholders in a timely manner through a formal, open, transparent and inclusive consultation process. For each candidate scheme, ENISA should set up an ad hoc working group to provide specific advice and expertise. The ad hoc working groups set up for this purpose should include, where appropriate, experts from Member States' public administrations, EU institutions, bodies, offices and agencies and the private sector.
  • Information and consultation on the European cybersecurity certification schemes
  • The Commission should make the information on its request to ENISA to prepare a candidate scheme. During the preparation of a candidate scheme by ENISA, the European Parliament as well as the Council may request the Commission in its capacity as chair of the European Cybersecurity Certification Group (ECCG) and ENISA to present relevant information on a draft candidate scheme on a quarterly basis. Upon the request of the European Parliament or the Council, ENISA, in agreement with the Commission, may make available to the European Parliament and to the Council relevant parts of a draft candidate scheme in a manner appropriate to the confidentiality level required, and where appropriate in a restricted manner.
  • In order to enhance the dialogue between the Union institutions and to contribute to a formal, open, transparent and inclusive consultation process, the European Parliament as well as the Council may invite the Commission and ENISA to discuss matters concerning the functioning of European cybersecurity certification schemes for ICT products, ICT services, ICT processes or managed security services.
  • A new annex contains the requirements to be met by conformity assessment bodies wishing to be accredited.
  • In a statement , the Commission recalled that it is recognised that a thorough review of the Cybersecurity Regulation is of the utmost importance, including the evaluation of the procedures leading to the development, adoption and review of European cybersecurity certification schemes.
  • This review should be based on a deep analysis and broad consultation on the impact, effectiveness and efficiency of the functioning of the European cybersecurity certification framework. The analysis carried out as part of the evaluation established in Article 67 of the Cybersecurity Act should include on-going scheme development activities, such as the one concerning European cybersecurity certification scheme for cloud services (EUCS) as well as those of adopted schemes such as the one concerning the European Common Criteria-based cybersecurity certification scheme (EUCC).
  • Accordingly, the Commission, which is responsible for the review of the Cybersecurity Act, should ensure that the review takes into account as appropriate the necessary elements mentioned in light of Article 67 when presenting the review to the co-legislators.
docs/6
date
2024-04-24T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/8/summary
  • The European Parliament adopted by 53 votes to 5, with 33 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • The proposed Regulation aims to enable the adoption of European cybersecurity certification schemes for managed security services. The definition of managed security services under this Regulation includes a non-exhaustive list of managed security services that could qualify for certification schemes, such as incident handling, penetration testing, security audits, and consulting related to technical support.
  • European certification schemes for managed security services should lead to the uptake of those services and to increased competition between providers offering managed security services. Without prejudice for the objective of ensuring sufficient and appropriate levels of relevant technical knowledge and professional integrity of such providers, certification schemes should, therefore, facilitate market entry and the offering of managed security services, by simplifying, to the extent possible, the potential regulatory, administrative and financial burden that providers, especially microenterprises or small and medium-sized enterprises (SMEs), could encounter when offering managed security services.
  • Additionally, in order to encourage the uptake of, and stimulate the demand for, managed security services, the schemes should contribute to the accessibility thereof, especially for smaller actors, such as microenterprises and SMEs, as well as local and regional authorities which have limited capacity and resources, but which are more prone to cybersecurity breaches with financial, legal, reputational, and operational implications.
  • The Union certification scheme for managed security services should contribute to the availability of secure and high-quality services which guarantee a safe digital transition and to the achievement of targets set up in the Digital Decade Policy Programme, especially with regard to the goal that 75% of Union undertakings start using Cloud, AI or Big Data, that more than 90% of microenterprises and SMEs reach at least a basic level of digital intensity and that key public services are offered online.
  • Preparation, adoption and review of a European cybersecurity certification scheme
  • Following a request from the Commission, ENISA will prepare a candidate scheme that meets the applicable requirements set out in the Regulation. Following a request from the European Cybersecurity Certification Group (ECCG) may prepare a candidate scheme that meets the applicable requirements. If ENISA rejects such a request, it will have to give reasons for its refusal. Any decision to reject such an application will be taken by the Management Board.
  • When preparing a candidate scheme, ENISA should consult all relevant stakeholders in a timely manner through a formal, open, transparent and inclusive consultation process. For each candidate scheme, ENISA should set up an ad hoc working group to provide specific advice and expertise. The ad hoc working groups set up for this purpose should include, where appropriate, experts from Member States' public administrations, EU institutions, bodies, offices and agencies and the private sector.
  • Information and consultation on the European cybersecurity certification schemes
  • The Commission should make the information on its request to ENISA to prepare a candidate scheme. During the preparation of a candidate scheme by ENISA, the European Parliament as well as the Council may request the Commission in its capacity as chair of the European Cybersecurity Certification Group (ECCG) and ENISA to present relevant information on a draft candidate scheme on a quarterly basis. Upon the request of the European Parliament or the Council, ENISA, in agreement with the Commission, may make available to the European Parliament and to the Council relevant parts of a draft candidate scheme in a manner appropriate to the confidentiality level required, and where appropriate in a restricted manner.
  • In order to enhance the dialogue between the Union institutions and to contribute to a formal, open, transparent and inclusive consultation process, the European Parliament as well as the Council may invite the Commission and ENISA to discuss matters concerning the functioning of European cybersecurity certification schemes for ICT products, ICT services, ICT processes or managed security services.
  • A new annex contains the requirements to be met by conformity assessment bodies wishing to be accredited.
  • In a statement , the Commission recalled that it is recognised that a thorough review of the Cybersecurity Regulation is of the utmost importance, including the evaluation of the procedures leading to the development, adoption and review of European cybersecurity certification schemes.
  • This review should be based on a deep analysis and broad consultation on the impact, effectiveness and efficiency of the functioning of the European cybersecurity certification framework. The analysis carried out as part of the evaluation established in Article 67 of the Cybersecurity Act should include on-going scheme development activities, such as the one concerning European cybersecurity certification scheme for cloud services (EUCS) as well as those of adopted schemes such as the one concerning the European Common Criteria-based cybersecurity certification scheme (EUCC).
  • Accordingly, the Commission, which is responsible for the review of the Cybersecurity Act, should ensure that the review takes into account as appropriate the necessary elements mentioned in light of Article 67 when presenting the review to the co-legislators.
docs/6
date
2024-04-24T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/8/summary
  • The European Parliament adopted by 53 votes to 5, with 33 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • The proposed Regulation aims to enable the adoption of European cybersecurity certification schemes for managed security services. The definition of managed security services under this Regulation includes a non-exhaustive list of managed security services that could qualify for certification schemes, such as incident handling, penetration testing, security audits, and consulting related to technical support.
  • European certification schemes for managed security services should lead to the uptake of those services and to increased competition between providers offering managed security services. Without prejudice for the objective of ensuring sufficient and appropriate levels of relevant technical knowledge and professional integrity of such providers, certification schemes should, therefore, facilitate market entry and the offering of managed security services, by simplifying, to the extent possible, the potential regulatory, administrative and financial burden that providers, especially microenterprises or small and medium-sized enterprises (SMEs), could encounter when offering managed security services.
  • Additionally, in order to encourage the uptake of, and stimulate the demand for, managed security services, the schemes should contribute to the accessibility thereof, especially for smaller actors, such as microenterprises and SMEs, as well as local and regional authorities which have limited capacity and resources, but which are more prone to cybersecurity breaches with financial, legal, reputational, and operational implications.
  • The Union certification scheme for managed security services should contribute to the availability of secure and high-quality services which guarantee a safe digital transition and to the achievement of targets set up in the Digital Decade Policy Programme, especially with regard to the goal that 75% of Union undertakings start using Cloud, AI or Big Data, that more than 90% of microenterprises and SMEs reach at least a basic level of digital intensity and that key public services are offered online.
  • Preparation, adoption and review of a European cybersecurity certification scheme
  • Following a request from the Commission, ENISA will prepare a candidate scheme that meets the applicable requirements set out in the Regulation. Following a request from the European Cybersecurity Certification Group (ECCG) may prepare a candidate scheme that meets the applicable requirements. If ENISA rejects such a request, it will have to give reasons for its refusal. Any decision to reject such an application will be taken by the Management Board.
  • When preparing a candidate scheme, ENISA should consult all relevant stakeholders in a timely manner through a formal, open, transparent and inclusive consultation process. For each candidate scheme, ENISA should set up an ad hoc working group to provide specific advice and expertise. The ad hoc working groups set up for this purpose should include, where appropriate, experts from Member States' public administrations, EU institutions, bodies, offices and agencies and the private sector.
  • Information and consultation on the European cybersecurity certification schemes
  • The Commission should make the information on its request to ENISA to prepare a candidate scheme. During the preparation of a candidate scheme by ENISA, the European Parliament as well as the Council may request the Commission in its capacity as chair of the European Cybersecurity Certification Group (ECCG) and ENISA to present relevant information on a draft candidate scheme on a quarterly basis. Upon the request of the European Parliament or the Council, ENISA, in agreement with the Commission, may make available to the European Parliament and to the Council relevant parts of a draft candidate scheme in a manner appropriate to the confidentiality level required, and where appropriate in a restricted manner.
  • In order to enhance the dialogue between the Union institutions and to contribute to a formal, open, transparent and inclusive consultation process, the European Parliament as well as the Council may invite the Commission and ENISA to discuss matters concerning the functioning of European cybersecurity certification schemes for ICT products, ICT services, ICT processes or managed security services.
  • A new annex contains the requirements to be met by conformity assessment bodies wishing to be accredited.
  • In a statement , the Commission recalled that it is recognised that a thorough review of the Cybersecurity Regulation is of the utmost importance, including the evaluation of the procedures leading to the development, adoption and review of European cybersecurity certification schemes.
  • This review should be based on a deep analysis and broad consultation on the impact, effectiveness and efficiency of the functioning of the European cybersecurity certification framework. The analysis carried out as part of the evaluation established in Article 67 of the Cybersecurity Act should include on-going scheme development activities, such as the one concerning European cybersecurity certification scheme for cloud services (EUCS) as well as those of adopted schemes such as the one concerning the European Common Criteria-based cybersecurity certification scheme (EUCC).
  • Accordingly, the Commission, which is responsible for the review of the Cybersecurity Act, should ensure that the review takes into account as appropriate the necessary elements mentioned in light of Article 67 when presenting the review to the co-legislators.
docs/6
date
2024-04-24T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/8/summary
  • The European Parliament adopted by 53 votes to 5, with 33 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • The proposed Regulation aims to enable the adoption of European cybersecurity certification schemes for managed security services. The definition of managed security services under this Regulation includes a non-exhaustive list of managed security services that could qualify for certification schemes, such as incident handling, penetration testing, security audits, and consulting related to technical support.
  • European certification schemes for managed security services should lead to the uptake of those services and to increased competition between providers offering managed security services. Without prejudice for the objective of ensuring sufficient and appropriate levels of relevant technical knowledge and professional integrity of such providers, certification schemes should, therefore, facilitate market entry and the offering of managed security services, by simplifying, to the extent possible, the potential regulatory, administrative and financial burden that providers, especially microenterprises or small and medium-sized enterprises (SMEs), could encounter when offering managed security services.
  • Additionally, in order to encourage the uptake of, and stimulate the demand for, managed security services, the schemes should contribute to the accessibility thereof, especially for smaller actors, such as microenterprises and SMEs, as well as local and regional authorities which have limited capacity and resources, but which are more prone to cybersecurity breaches with financial, legal, reputational, and operational implications.
  • The Union certification scheme for managed security services should contribute to the availability of secure and high-quality services which guarantee a safe digital transition and to the achievement of targets set up in the Digital Decade Policy Programme, especially with regard to the goal that 75% of Union undertakings start using Cloud, AI or Big Data, that more than 90% of microenterprises and SMEs reach at least a basic level of digital intensity and that key public services are offered online.
  • Preparation, adoption and review of a European cybersecurity certification scheme
  • Following a request from the Commission, ENISA will prepare a candidate scheme that meets the applicable requirements set out in the Regulation. Following a request from the European Cybersecurity Certification Group (ECCG) may prepare a candidate scheme that meets the applicable requirements. If ENISA rejects such a request, it will have to give reasons for its refusal. Any decision to reject such an application will be taken by the Management Board.
  • When preparing a candidate scheme, ENISA should consult all relevant stakeholders in a timely manner through a formal, open, transparent and inclusive consultation process. For each candidate scheme, ENISA should set up an ad hoc working group to provide specific advice and expertise. The ad hoc working groups set up for this purpose should include, where appropriate, experts from Member States' public administrations, EU institutions, bodies, offices and agencies and the private sector.
  • Information and consultation on the European cybersecurity certification schemes
  • The Commission should make the information on its request to ENISA to prepare a candidate scheme. During the preparation of a candidate scheme by ENISA, the European Parliament as well as the Council may request the Commission in its capacity as chair of the European Cybersecurity Certification Group (ECCG) and ENISA to present relevant information on a draft candidate scheme on a quarterly basis. Upon the request of the European Parliament or the Council, ENISA, in agreement with the Commission, may make available to the European Parliament and to the Council relevant parts of a draft candidate scheme in a manner appropriate to the confidentiality level required, and where appropriate in a restricted manner.
  • In order to enhance the dialogue between the Union institutions and to contribute to a formal, open, transparent and inclusive consultation process, the European Parliament as well as the Council may invite the Commission and ENISA to discuss matters concerning the functioning of European cybersecurity certification schemes for ICT products, ICT services, ICT processes or managed security services.
  • A new annex contains the requirements to be met by conformity assessment bodies wishing to be accredited.
  • In a statement , the Commission recalled that it is recognised that a thorough review of the Cybersecurity Regulation is of the utmost importance, including the evaluation of the procedures leading to the development, adoption and review of European cybersecurity certification schemes.
  • This review should be based on a deep analysis and broad consultation on the impact, effectiveness and efficiency of the functioning of the European cybersecurity certification framework. The analysis carried out as part of the evaluation established in Article 67 of the Cybersecurity Act should include on-going scheme development activities, such as the one concerning European cybersecurity certification scheme for cloud services (EUCS) as well as those of adopted schemes such as the one concerning the European Common Criteria-based cybersecurity certification scheme (EUCC).
  • Accordingly, the Commission, which is responsible for the review of the Cybersecurity Act, should ensure that the review takes into account as appropriate the necessary elements mentioned in light of Article 67 when presenting the review to the co-legislators.
docs/6
date
2024-04-24T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/8/summary
  • The European Parliament adopted by 53 votes to 5, with 33 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • The proposed Regulation aims to enable the adoption of European cybersecurity certification schemes for managed security services. The definition of managed security services under this Regulation includes a non-exhaustive list of managed security services that could qualify for certification schemes, such as incident handling, penetration testing, security audits, and consulting related to technical support.
  • European certification schemes for managed security services should lead to the uptake of those services and to increased competition between providers offering managed security services. Without prejudice for the objective of ensuring sufficient and appropriate levels of relevant technical knowledge and professional integrity of such providers, certification schemes should, therefore, facilitate market entry and the offering of managed security services, by simplifying, to the extent possible, the potential regulatory, administrative and financial burden that providers, especially microenterprises or small and medium-sized enterprises (SMEs), could encounter when offering managed security services.
  • Additionally, in order to encourage the uptake of, and stimulate the demand for, managed security services, the schemes should contribute to the accessibility thereof, especially for smaller actors, such as microenterprises and SMEs, as well as local and regional authorities which have limited capacity and resources, but which are more prone to cybersecurity breaches with financial, legal, reputational, and operational implications.
  • The Union certification scheme for managed security services should contribute to the availability of secure and high-quality services which guarantee a safe digital transition and to the achievement of targets set up in the Digital Decade Policy Programme, especially with regard to the goal that 75% of Union undertakings start using Cloud, AI or Big Data, that more than 90% of microenterprises and SMEs reach at least a basic level of digital intensity and that key public services are offered online.
  • Preparation, adoption and review of a European cybersecurity certification scheme
  • Following a request from the Commission, ENISA will prepare a candidate scheme that meets the applicable requirements set out in the Regulation. Following a request from the European Cybersecurity Certification Group (ECCG) may prepare a candidate scheme that meets the applicable requirements. If ENISA rejects such a request, it will have to give reasons for its refusal. Any decision to reject such an application will be taken by the Management Board.
  • When preparing a candidate scheme, ENISA should consult all relevant stakeholders in a timely manner through a formal, open, transparent and inclusive consultation process. For each candidate scheme, ENISA should set up an ad hoc working group to provide specific advice and expertise. The ad hoc working groups set up for this purpose should include, where appropriate, experts from Member States' public administrations, EU institutions, bodies, offices and agencies and the private sector.
  • Information and consultation on the European cybersecurity certification schemes
  • The Commission should make the information on its request to ENISA to prepare a candidate scheme. During the preparation of a candidate scheme by ENISA, the European Parliament as well as the Council may request the Commission in its capacity as chair of the European Cybersecurity Certification Group (ECCG) and ENISA to present relevant information on a draft candidate scheme on a quarterly basis. Upon the request of the European Parliament or the Council, ENISA, in agreement with the Commission, may make available to the European Parliament and to the Council relevant parts of a draft candidate scheme in a manner appropriate to the confidentiality level required, and where appropriate in a restricted manner.
  • In order to enhance the dialogue between the Union institutions and to contribute to a formal, open, transparent and inclusive consultation process, the European Parliament as well as the Council may invite the Commission and ENISA to discuss matters concerning the functioning of European cybersecurity certification schemes for ICT products, ICT services, ICT processes or managed security services.
  • A new annex contains the requirements to be met by conformity assessment bodies wishing to be accredited.
  • In a statement , the Commission recalled that it is recognised that a thorough review of the Cybersecurity Regulation is of the utmost importance, including the evaluation of the procedures leading to the development, adoption and review of European cybersecurity certification schemes.
  • This review should be based on a deep analysis and broad consultation on the impact, effectiveness and efficiency of the functioning of the European cybersecurity certification framework. The analysis carried out as part of the evaluation established in Article 67 of the Cybersecurity Act should include on-going scheme development activities, such as the one concerning European cybersecurity certification scheme for cloud services (EUCS) as well as those of adopted schemes such as the one concerning the European Common Criteria-based cybersecurity certification scheme (EUCC).
  • Accordingly, the Commission, which is responsible for the review of the Cybersecurity Act, should ensure that the review takes into account as appropriate the necessary elements mentioned in light of Article 67 when presenting the review to the co-legislators.
docs/6
date
2024-04-24T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/8/summary
  • The European Parliament adopted by 53 votes to 5, with 33 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • The proposed Regulation aims to enable the adoption of European cybersecurity certification schemes for managed security services. The definition of managed security services under this Regulation includes a non-exhaustive list of managed security services that could qualify for certification schemes, such as incident handling, penetration testing, security audits, and consulting related to technical support.
  • European certification schemes for managed security services should lead to the uptake of those services and to increased competition between providers offering managed security services. Without prejudice for the objective of ensuring sufficient and appropriate levels of relevant technical knowledge and professional integrity of such providers, certification schemes should, therefore, facilitate market entry and the offering of managed security services, by simplifying, to the extent possible, the potential regulatory, administrative and financial burden that providers, especially microenterprises or small and medium-sized enterprises (SMEs), could encounter when offering managed security services.
  • Additionally, in order to encourage the uptake of, and stimulate the demand for, managed security services, the schemes should contribute to the accessibility thereof, especially for smaller actors, such as microenterprises and SMEs, as well as local and regional authorities which have limited capacity and resources, but which are more prone to cybersecurity breaches with financial, legal, reputational, and operational implications.
  • The Union certification scheme for managed security services should contribute to the availability of secure and high-quality services which guarantee a safe digital transition and to the achievement of targets set up in the Digital Decade Policy Programme, especially with regard to the goal that 75% of Union undertakings start using Cloud, AI or Big Data, that more than 90% of microenterprises and SMEs reach at least a basic level of digital intensity and that key public services are offered online.
  • Preparation, adoption and review of a European cybersecurity certification scheme
  • Following a request from the Commission, ENISA will prepare a candidate scheme that meets the applicable requirements set out in the Regulation. Following a request from the European Cybersecurity Certification Group (ECCG) may prepare a candidate scheme that meets the applicable requirements. If ENISA rejects such a request, it will have to give reasons for its refusal. Any decision to reject such an application will be taken by the Management Board.
  • When preparing a candidate scheme, ENISA should consult all relevant stakeholders in a timely manner through a formal, open, transparent and inclusive consultation process. For each candidate scheme, ENISA should set up an ad hoc working group to provide specific advice and expertise. The ad hoc working groups set up for this purpose should include, where appropriate, experts from Member States' public administrations, EU institutions, bodies, offices and agencies and the private sector.
  • Information and consultation on the European cybersecurity certification schemes
  • The Commission should make the information on its request to ENISA to prepare a candidate scheme. During the preparation of a candidate scheme by ENISA, the European Parliament as well as the Council may request the Commission in its capacity as chair of the European Cybersecurity Certification Group (ECCG) and ENISA to present relevant information on a draft candidate scheme on a quarterly basis. Upon the request of the European Parliament or the Council, ENISA, in agreement with the Commission, may make available to the European Parliament and to the Council relevant parts of a draft candidate scheme in a manner appropriate to the confidentiality level required, and where appropriate in a restricted manner.
  • In order to enhance the dialogue between the Union institutions and to contribute to a formal, open, transparent and inclusive consultation process, the European Parliament as well as the Council may invite the Commission and ENISA to discuss matters concerning the functioning of European cybersecurity certification schemes for ICT products, ICT services, ICT processes or managed security services.
  • A new annex contains the requirements to be met by conformity assessment bodies wishing to be accredited.
  • In a statement , the Commission recalled that it is recognised that a thorough review of the Cybersecurity Regulation is of the utmost importance, including the evaluation of the procedures leading to the development, adoption and review of European cybersecurity certification schemes.
  • This review should be based on a deep analysis and broad consultation on the impact, effectiveness and efficiency of the functioning of the European cybersecurity certification framework. The analysis carried out as part of the evaluation established in Article 67 of the Cybersecurity Act should include on-going scheme development activities, such as the one concerning European cybersecurity certification scheme for cloud services (EUCS) as well as those of adopted schemes such as the one concerning the European Common Criteria-based cybersecurity certification scheme (EUCC).
  • Accordingly, the Commission, which is responsible for the review of the Cybersecurity Act, should ensure that the review takes into account as appropriate the necessary elements mentioned in light of Article 67 when presenting the review to the co-legislators.
docs/6
date
2024-04-24T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/8/summary
  • The European Parliament adopted by 53 votes to 5, with 33 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • The proposed Regulation aims to enable the adoption of European cybersecurity certification schemes for managed security services. The definition of managed security services under this Regulation includes a non-exhaustive list of managed security services that could qualify for certification schemes, such as incident handling, penetration testing, security audits, and consulting related to technical support.
  • European certification schemes for managed security services should lead to the uptake of those services and to increased competition between providers offering managed security services. Without prejudice for the objective of ensuring sufficient and appropriate levels of relevant technical knowledge and professional integrity of such providers, certification schemes should, therefore, facilitate market entry and the offering of managed security services, by simplifying, to the extent possible, the potential regulatory, administrative and financial burden that providers, especially microenterprises or small and medium-sized enterprises (SMEs), could encounter when offering managed security services.
  • Additionally, in order to encourage the uptake of, and stimulate the demand for, managed security services, the schemes should contribute to the accessibility thereof, especially for smaller actors, such as microenterprises and SMEs, as well as local and regional authorities which have limited capacity and resources, but which are more prone to cybersecurity breaches with financial, legal, reputational, and operational implications.
  • The Union certification scheme for managed security services should contribute to the availability of secure and high-quality services which guarantee a safe digital transition and to the achievement of targets set up in the Digital Decade Policy Programme, especially with regard to the goal that 75% of Union undertakings start using Cloud, AI or Big Data, that more than 90% of microenterprises and SMEs reach at least a basic level of digital intensity and that key public services are offered online.
  • Preparation, adoption and review of a European cybersecurity certification scheme
  • Following a request from the Commission, ENISA will prepare a candidate scheme that meets the applicable requirements set out in the Regulation. Following a request from the European Cybersecurity Certification Group (ECCG) may prepare a candidate scheme that meets the applicable requirements. If ENISA rejects such a request, it will have to give reasons for its refusal. Any decision to reject such an application will be taken by the Management Board.
  • When preparing a candidate scheme, ENISA should consult all relevant stakeholders in a timely manner through a formal, open, transparent and inclusive consultation process. For each candidate scheme, ENISA should set up an ad hoc working group to provide specific advice and expertise. The ad hoc working groups set up for this purpose should include, where appropriate, experts from Member States' public administrations, EU institutions, bodies, offices and agencies and the private sector.
  • Information and consultation on the European cybersecurity certification schemes
  • The Commission should make the information on its request to ENISA to prepare a candidate scheme. During the preparation of a candidate scheme by ENISA, the European Parliament as well as the Council may request the Commission in its capacity as chair of the European Cybersecurity Certification Group (ECCG) and ENISA to present relevant information on a draft candidate scheme on a quarterly basis. Upon the request of the European Parliament or the Council, ENISA, in agreement with the Commission, may make available to the European Parliament and to the Council relevant parts of a draft candidate scheme in a manner appropriate to the confidentiality level required, and where appropriate in a restricted manner.
  • In order to enhance the dialogue between the Union institutions and to contribute to a formal, open, transparent and inclusive consultation process, the European Parliament as well as the Council may invite the Commission and ENISA to discuss matters concerning the functioning of European cybersecurity certification schemes for ICT products, ICT services, ICT processes or managed security services.
  • A new annex contains the requirements to be met by conformity assessment bodies wishing to be accredited.
  • In a statement , the Commission recalled that it is recognised that a thorough review of the Cybersecurity Regulation is of the utmost importance, including the evaluation of the procedures leading to the development, adoption and review of European cybersecurity certification schemes.
  • This review should be based on a deep analysis and broad consultation on the impact, effectiveness and efficiency of the functioning of the European cybersecurity certification framework. The analysis carried out as part of the evaluation established in Article 67 of the Cybersecurity Act should include on-going scheme development activities, such as the one concerning European cybersecurity certification scheme for cloud services (EUCS) as well as those of adopted schemes such as the one concerning the European Common Criteria-based cybersecurity certification scheme (EUCC).
  • Accordingly, the Commission, which is responsible for the review of the Cybersecurity Act, should ensure that the review takes into account as appropriate the necessary elements mentioned in light of Article 67 when presenting the review to the co-legislators.
docs/6
date
2024-04-24T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/8
date
2024-04-24T00:00:00
type
Decision by Parliament, 1st reading
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
forecasts
  • date: 2024-04-22T00:00:00 title: Indicative plenary sitting date
procedure/stage_reached
Old
Awaiting Parliament's position in 1st reading
New
Awaiting Council's 1st reading position
docs/6
date
2024-04-24T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/8
date
2024-04-24T00:00:00
type
Decision by Parliament, 1st reading
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0354_EN.html title: T9-0354/2024
forecasts
  • date: 2024-04-22T00:00:00 title: Indicative plenary sitting date
procedure/stage_reached
Old
Awaiting Parliament's position in 1st reading
New
Awaiting Council's 1st reading position
forecasts/0
date
2024-04-24T00:00:00
title
Vote scheduled
forecasts/0
date
2024-04-22T00:00:00
title
Indicative plenary sitting date
forecasts/0
date
2024-04-24T00:00:00
title
Vote in plenary scheduled
forecasts/0
date
2024-04-22T00:00:00
title
Indicative plenary sitting date
forecasts/0
date
2024-04-24T00:00:00
title
Vote in plenary scheduled
forecasts/0
date
2024-04-22T00:00:00
title
Indicative plenary sitting date
forecasts/0
date
2024-04-24T00:00:00
title
Vote in plenary scheduled
forecasts/0
date
2024-04-22T00:00:00
title
Indicative plenary sitting date
forecasts/0
date
2024-04-24T00:00:00
title
Vote in plenary scheduled
forecasts/0
date
2024-04-22T00:00:00
title
Indicative plenary sitting date
forecasts/0
date
2024-04-24T00:00:00
title
Vote in plenary scheduled
forecasts/0
date
2024-04-22T00:00:00
title
Indicative plenary sitting date
docs/4
date
2024-03-20T00:00:00
docs
url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
type
Text agreed during interinstitutional negotiations
body
EP
events/7/docs
  • url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
docs/4
date
2024-03-20T00:00:00
docs
url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
type
Text agreed during interinstitutional negotiations
body
EP
events/7/docs
  • url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
docs/4
date
2024-03-20T00:00:00
docs
url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
type
Text agreed during interinstitutional negotiations
body
EP
events/7/docs
  • url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
docs/4
date
2024-03-20T00:00:00
docs
url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
type
Text agreed during interinstitutional negotiations
body
EP
events/7/docs
  • url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
docs/4
date
2024-03-20T00:00:00
docs
url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
type
Text agreed during interinstitutional negotiations
body
EP
events/7/docs
  • url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
docs/4
date
2024-03-20T00:00:00
docs
url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
type
Text agreed during interinstitutional negotiations
body
EP
events/7/docs
  • url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-20/ITRE_AG(2024)760887_EN.docx title: PE760.887
docs/4
date
2024-03-21T00:00:00
docs
title: GEDA/A/(2024)001687
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-20T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs/4
date
2024-03-21T00:00:00
docs
title: GEDA/A/(2024)001687
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-20T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs/4
date
2024-03-21T00:00:00
docs
title: GEDA/A/(2024)001687
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-20T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs
title: GEDA/A/(2024)001687
docs/4
date
2024-03-21T00:00:00
docs
title: GEDA/A/(2024)001687
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-20T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs
title: GEDA/A/(2024)001687
docs/4
date
2024-03-21T00:00:00
docs
title: GEDA/A/(2024)001687
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-20T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs
title: GEDA/A/(2024)001687
forecasts/0/date
Old
2024-03-11T00:00:00
New
2024-04-22T00:00:00
forecasts/0/date
Old
2024-04-10T00:00:00
New
2024-03-11T00:00:00
forecasts/0/date
Old
2024-02-05T00:00:00
New
2024-04-10T00:00:00
forecasts
  • date: 2024-02-05T00:00:00 title: Indicative plenary sitting date
links
Research document
docs/4
date
2023-10-26T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/A-9-2023-0307_EN.html title: A9-0307/2023
type
Committee report tabled for plenary, 1st reading/single reading
body
EP
events/4/summary
  • The Committee on Industry, Research and Energy adopted the report by Josianne CUTAJAR (S&D, MT) on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services.
  • The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:
  • Changes to the definition of managed security service
  • The report stated that managed security services, which are services consisting of carrying out, or providing assistance for, activities relating to their customers’ cybersecurity risk management, including detection, response to or recovery from incidents, have gained increasing importance in the prevention and mitigation of cybersecurity incidents. The activities of the providers of managed security services consist of services relating to prevention, identification, protection, detection, analysis, containment, response and recovery, including, but not limited to, cyber threat intelligence provision, real time threat monitoring through proactive techniques, including security-by-design, risk assessment, extended detection, remediation and response.
  • The Union rolling work programme for European cybersecurity certification
  • According to Members, the Union rolling work programme should include a list of ICT products, ICT services and ICT processes or categories thereof, and managed security services, that are capable of benefiting from being included in the scope of a European cybersecurity certification scheme. In that context, the Commission should include an in-depth assessment of existing training paths to bridge identified skills gaps and a list of proposals for addressing the needs for skilled employees and types of skills.
  • SMEs
  • Members considered that the Commission should ensure appropriate financial support in the regulatory framework of existing Union programmes, in particular in order to ease the financial burden on microenterprises and SMEs, including start-ups acting in the field of managed security services.
  • Evaluation and review
  • By 28 June 2024, and every three years thereafter, the Commission should assess the impact, effectiveness and efficiency of ENISA and of its working practices, the possible need to modify ENISA’s mandate and the financial implications of any such modification. The evaluation should assess: (i) the efficiency and effectiveness of the procedures leading to consultation, preparation and adoption of European cybersecurity certification schemes, as well as ways to improve and accelerate those procedures; (ii) whether essential cybersecurity requirements for access to the internal market are necessary in order to prevent ICT products, ICT services, ICT processes and managed security services which do not meet basic cybersecurity requirements from entering the Union market.
events/6
date
2023-11-09T00:00:00
type
Committee decision to enter into interinstitutional negotiations confirmed by plenary (Rule 71)
body
EP
events/5
date
2023-11-08T00:00:00
type
Committee decision to enter into interinstitutional negotiations announced in plenary (Rule 71)
body
EP
docs/4
date
2023-06-28T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2023)0208 title: COM(2023)0208
type
Contribution
body
CZ_CHAMBER
docs/4
date
2023-10-26T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/A-9-2023-0307_EN.html title: A9-0307/2023
type
Committee report tabled for plenary, 1st reading/single reading
body
EP
docs/5
date
2023-06-28T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2023)0208 title: COM(2023)0208
type
Contribution
body
CZ_CHAMBER
docs/5
date
2023-07-19T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2023)0208 title: COM(2023)0208
type
Contribution
body
PT_PARLIAMENT
docs/5/date
Old
2023-06-28T00:00:00
New
2023-06-29T00:00:00
docs/6
date
2023-07-19T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2023)0208 title: COM(2023)0208
type
Contribution
body
PT_PARLIAMENT
docs/6
date
2023-07-31T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2023)0208 title: COM(2023)0208
type
Contribution
body
CZ_SENATE
docs/6/date
Old
2023-07-19T00:00:00
New
2023-07-20T00:00:00
docs/7
date
2023-07-31T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2023)0208 title: COM(2023)0208
type
Contribution
body
CZ_SENATE
docs/7/date
Old
2023-07-31T00:00:00
New
2023-08-01T00:00:00
events/4
date
2023-10-26T00:00:00
type
Committee report tabled for plenary, 1st reading
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/A-9-2023-0307_EN.html title: A9-0307/2023
procedure/stage_reached
Old
Awaiting committee decision
New
Awaiting Parliament's position in 1st reading
events/2
date
2023-10-25T00:00:00
type
Vote in committee, 1st reading
body
EP
events/3
date
2023-10-25T00:00:00
type
Committee decision to open interinstitutional negotiations with report adopted in committee
body
EP
procedure/Other legal basis
Rules of Procedure EP 159
docs/2
date
2023-09-21T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/ITRE-AM-753562_EN.html title: PE753.562
type
Amendments tabled in committee
body
EP
docs/3
date
2023-09-21T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/IMCO-AL-749983_EN.html title: PE749.983
committee
IMCO
type
Specific opinion
body
EP
docs/1
date
2023-09-07T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/ITRE-PR-752802_EN.html title: PE752.802
type
Committee draft report
body
EP
docs/3
date
2023-07-31T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2023)0208 title: COM(2023)0208
type
Contribution
body
CZ_SENATE
docs/0
date
2023-07-13T00:00:00
docs
url: https://dmsearch.eesc.europa.eu/search/public?k=(documenttype:AC)(documentnumber:2408)(documentyear:2023)(documentlanguage:EN) title: CES2408/2023
type
Economic and Social Committee: opinion, report
body
ESC
docs/2
date
2023-07-19T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2023)0208 title: COM(2023)0208
type
Contribution
body
PT_PARLIAMENT
committees/0/shadows/3
name
TOŠENOVSKÝ Evžen
group
European Conservatives and Reformists Group
abbr
ECR
committees/0/shadows/2
name
NIINISTÖ Ville
group
Group of the Greens/European Free Alliance
abbr
Verts/ALE
docs/0
date
2023-06-28T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2023)0208 title: COM(2023)0208
type
Contribution
body
CZ_CHAMBER
docs/0
date
2023-04-18T00:00:00
docs
type
Legislative proposal
body
EC
committees/0/shadows/1
name
GROOTHUIS Bart
group
Renew Europe group
abbr
Renew
committees/0/shadows
  • name: NIEBLER Angelika group: Group of European People's Party abbr: EPP
committees/1/rapporteur
  • name: CAVAZZINI Anna date: 2023-05-23T00:00:00 group: Group of the Greens/European Free Alliance abbr: Verts/ALE
committees/2/opinion
False
commission
  • body: EC dg: Communications Networks, Content and Technology commissioner: BRETON Thierry
events/1
date
2023-06-01T00:00:00
type
Committee referral announced in Parliament, 1st reading
body
EP
procedure/dossier_of_the_committee
  • ITRE/9/11804
procedure/stage_reached
Old
Preparatory phase in Parliament
New
Awaiting committee decision
events/0/summary
  • PURPOSE: to create European cybersecurity certification schemes for managed security services.
  • PROPOSED ACT: Regulation of the European Parliament and of the Council.
  • ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
  • BACKGROUND: Regulation (EU) 2019/881 of the European Parliament and of the Council on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification sets up a framework for the establishment of European cybersecurity certification schemes for the purpose of ensuring an adequate level of cybersecurity for ICT products, ICT services and ICT processes in the Union, as well as for the purpose of avoiding the fragmentation of the internal market with regard to cybersecurity certification schemes in the Union.
  • Managed security services , which are services consisting of carrying out, or providing assistance for, activities relating to their customers’ cybersecurity risk management, have gained increasing importance in the prevention and mitigation of cybersecurity incidents. Accordingly, the providers of those services are considered as essential or important entities belonging to a sector of high criticality pursuant to Directive (EU) 2022/2555 of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union.
  • Managed security service providers in areas such as incident response, penetration testing, security audits and consultancy, play a particularly important role in assisting entities in their efforts to prevent, detect, respond to or recover from incidents. They have however also themselves been the target of cyberattacks and pose a particular risk because of their close integration in the operations of their customers.
  • Some Member States have already begun adopting certification schemes for managed security services. There is therefore a growing risk of fragmentation of the internal market for managed security services owing to inconsistencies in cybersecurity certification schemes across the Union. This proposal aims to prevent such fragmentation.
  • CONTENT: the proposed targeted amendment to amend the scope of the European cybersecurity certification framework in the Cybersecurity Act aims to enable, by means of Commission implementing acts, the adoption of European cybersecurity certification schemes for ‘managed security services’ , in addition to information and technology (ICT) products, ICT services and ICT processes, which are already covered under the Cybersecurity Act.
  • The proposal also introduces a definition of those services, which is very closely aligned to the definition of ‘managed security services providers’ under the NIS 2 Directive (Article 2 of the Cybersecurity Act). It also adds new provisions on the security objectives of European cybersecurity certification adapted to ‘managed security services’.
  • Lastly, a number of technical amendments are made to ensure that the relevant articles apply also to ‘managed security services’.
committees/0/rapporteur
  • name: CUTAJAR Josianne date: 2023-05-02T00:00:00 group: Group of Progressive Alliance of Socialists and Democrats abbr: S&D
docs/0/docs/1
url
https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2023&nu_doc=0208
title
EUR-Lex
events/0/docs/1
url
https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2023&nu_doc=0208
title
EUR-Lex