2023/0109(COD) | [ParlTrack]

download json

2023/0109(COD) Measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents

Progress: Awaiting Council's 1st reading position

Role	Committee	Rapporteur	Shadows
Lead	ITRE	GÁLVEZ MUÑOZ Lina ( S&D)	NIEBLER Angelika ( EPP), GROOTHUIS Bart ( Renew), NIINISTÖ Ville ( Verts/ALE), TOŠENOVSKÝ Evžen ( ECR)
Committee Opinion	AFET	TUDORACHE Dragoş ( Renew)	Željana ZOVKO ( PPE), Markéta GREGOROVÁ ( Verts/ALE), Witold Jan WASZCZYKOWSKI ( ECR), Attila ARA-KOVÁCS ( S&D)
Committee Opinion	BUDG
Committee Opinion	CONT
Committee Opinion	IMCO
Committee Opinion	TRAN	FALCĂ Gheorghe ( EPP)	Nicola DANTI ( RE), Kosma ZŁOTOWSKI ( ECR), Josianne CUTAJAR ( S&D), Anne-Sophie PELLETIER ( GUE/NGL)
Committee Opinion	LIBE

Lead committee dossier:

ITRE/9/11824

Legal Basis:

TFEU 173-p3, TFEU 322-p1

Subjects

Events

2024/04/24

EP - Text adopted by Parliament, 1st reading/single reading

Documents

T9-0355/2024

2024/04/24

EP - Decision by Parliament, 1st reading

Documents

T9-0355/2024

2024/03/21

CSL - Coreper letter confirming interinstitutional agreement

Documents

GEDA/A/(2024)001689

2024/03/20

EP - Text agreed during interinstitutional negotiations

Documents

PE760.882

2024/03/20

EP - Approval in committee of the text agreed at 1st reading interinstitutional negotiations

Documents

PE760.882

2024/01/04

FR_SENATE - Contribution

Documents

COM(2023)0209

2023/12/13

EP - Committee decision to enter into interinstitutional negotiations confirmed by plenary (Rule 71)

2023/12/11

EP - Committee decision to enter into interinstitutional negotiations announced in plenary (Rule 71)

2023/12/08

EP - Committee report tabled for plenary, 1st reading

Details

The Committee on Industry, Research and Energy adopted the report by Lina GÁLVEZ MUÑOZ (S&D, ES) on the proposal for a regulation of the European Parliament and of the Council laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents.

The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:

Coordinated governance

Members stressed that close and coordinated cooperation is needed between the public sector, the private sector, academia, civil society and the media. Moreover, the Union's response needs to be coordinated with international institutions as well as trusted and like-minded international partners. To ensure cooperation with trusted and like-minded international partners and protection against systemic rivals, entities established in third countries that are not parties to the WTO Agreement on Government Procurement (GPA) should not be allowed to participate in procurement under this Regulation.

Cybersecurity reserve

Regarding the new cybersecurity reserve, Members believe it has the potential of developing industrial capacities in the EU, including for SMEs , with investments in research and innovation to develop state of the art technologies, such as cloud and artificial intelligence technologies. In addition, the report proposed to maintain the participation of the industry, enhance the criteria and trust of their participation (i.e. connecting their participation to a national or local company) by clarifying the criteria and the definition of technological sovereignty and to guarantee a balance between non-EU and EU actors. In addition, Members proposed for the Cyber Emergency Mechanism a certification scheme to be used for private providers to build a longstanding and trusted partnership.

To support the establishment of the EU Cybersecurity Reserve, the Commission could consider requesting ENISA to prepare a candidate certification scheme for managed security services in the areas covered by the Cybersecurity Emergency Mechanism. To fulfil the additional tasks deriving from this provision, ENISA should receive adequate, additional funding .

Funding

Considering geopolitical developments and the growing cyber threat landscape and in order to ensure continuity and further development of the measures laid down in this Regulation beyond 2027, particularly the European Cyber Shield and the Cybersecurity Emergency Mechanism, it is necessary to ensure a specific budget line in the multiannual financial framework for the period 2028-2034. According to the report, Member States should endeavour to commit themselves to supporting all necessary measures to reduce cyber threats and incidents throughout the Union and to strengthen solidarity.

Strengthening R&I in cybersecurity

The amended text called for enhanced research and innovation (R&I) in cybersecurity to increase the resilience and the open strategic autonomy of the Union. Similarly, it is important to create synergies with R&I programmes and with existing instruments and institutions and to strengthen cooperation and coordination among the different stakeholders, including the private sector, civil society, academia, Member States, the Commission and ENISA.

Evaluation and Review

The amended text stated that by two years from the date of application of this Regulation and every two years thereafter, the Commission should carry out an evaluation concerning, inter alia : (i) both the positive and the negative working of the Cybersecurity Emergency Mechanism; (ii) the contribution of this Regulation to reinforce the Union’s resilience and open strategic autonomy, to improve the competitiveness of the relevant industry sectors, microenterprises, SMEs including start-ups, and the development of cybersecurity skills in the Union; (iii) the use and added value of the EU Cybersecurity Reserve.

Documents

A9-0426/2023

2023/12/07

EP - Vote in committee, 1st reading

2023/12/07

EP - Committee decision to open interinstitutional negotiations with report adopted in committee

2023/11/29

CofR - Committee of the Regions: opinion

Documents

CDR2191/2023

2023/10/27

EP - Committee opinion

Documents

PE750.145

2023/10/25

EP - Committee opinion

Documents

PE752.607

2023/09/22

EP - Amendments tabled in committee

Documents

PE753.628

2023/09/18

PT_PARLIAMENT - Contribution

Documents

COM(2023)0209

2023/09/04

EP - Committee draft report

Documents

PE752.795

2023/08/01

CZ_SENATE - Contribution

Documents

COM(2023)0209

2023/07/13

ESC - Economic and Social Committee: opinion, report

Documents

CES2408/2023

2023/07/07

EP - FALCĂ Gheorghe (EPP) appointed as rapporteur in TRAN

2023/06/29

CZ_CHAMBER - Contribution

Documents

COM(2023)0209

2023/06/16

EP - TUDORACHE Dragoş (Renew) appointed as rapporteur in AFET

2023/06/01

EP - Committee referral announced in Parliament, 1st reading

2023/05/02

EP - GÁLVEZ MUÑOZ Lina (S&D) appointed as rapporteur in ITRE

2023/04/18

EC - Legislative proposal published

Details

PURPOSE: to lay down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents (EU Cyber solidarity act).

PROPOSED ACT: Regulation of the European Parliament and of the Council.

ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.

BACKGROUND: the magnitude, frequency and impact of cybersecurity incidents are increasing, including supply chain attacks aiming at cyberespionage, ransomware or disruption. They represent a major threat to the functioning of network and information systems. In view of the fast-evolving threat landscape, the threat of possible large-scale incidents causing significant disruption or damage to critical infrastructures demands heightened preparedness at all levels of the Union’s cybersecurity framework. That threat goes beyond Russia’s military aggression on Ukraine and is likely to persist given the multiplicity of state-aligned, criminal and hacktivist actors involved in current geopolitical tensions.

CONTENT: with this proposal, the Commission aims to set up Cyber Solidarity Act which establishes EU capabilities to make Europe more resilient and reactive in front of cyber threats, while strengthening existing cooperation mechanism. It will contribute to ensuring a safe and secure digital landscape for citizens and businesses and to protecting critical entities and essential services, such as hospitals and public utilities.

This Regulation lays down measures to strengthen capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents, in particular through the following actions:

European Cyber Shield

An interconnected pan-European infrastructure of Security Operations Centres (European Cyber Shield) will be established to develop advanced capabilities for the Union to detect, analyse and process data on cyber threats and incidents in the Union. It will be composed of Security Operations Centres (SOCs) across the EU, brought together in several multi-country SOC platforms, built with support from the Digital Europe Programme (DEP) to supplement national funding. The Cyber Shield will be tasked with improving the detection, analysis and response to cyber threats. These SOCs will use advanced technology such as Artificial Intelligence (AI) and data analytics to detect and share warnings on such threats with authorities across borders. They will allow for a more timely and efficient response to major threats.

Cyber Emergency Mechanism

The Cyber Emergency Mechanism will improve the Union’s resilience to major cybersecurity threats and prepare for and mitigate, in a spirit of solidarity, the short-term impact of significant and large-scale cybersecurity incidents. It provides for actions to support preparedness, including coordinated testing of entities operating in highly critical sectors, response to and immediate recovery from significant or large-scale cybersecurity incidents or mitigate significant cyber threats and mutual assistance actions.

Also set to be created is an EU Cybersecurity Reserve made up of trusted and certified private companies ready to respond to major incidents.

European Cybersecurity Incident Review Mechanism

The proposed Regulation would also establish the Cybersecurity Incident Review Mechanism to assess and review specific cybersecurity incidents. At the request of the Commission or of national authorities (the EU-CyCLONe or the CSIRTs network), the EU Cybersecurity Agency (ENISA) will be responsible for the review of specific significant or large-scale cybersecurity incident and should deliver a report that includes lessons learned, and where appropriate, recommendations to improve Union’s cyber response.

Budgetary implications

The EU Cybersecurity Shield and the Cybersecurity Emergency Mechanism of this Regulation will be supported by funding under Strategic Objective ‘Cybersecurity’ of Digital Europe Programme (DEP).

The total budget includes an increase of EUR 100 million that this Regulation proposes to re-allocate from other Strategic Objectives of DEP. This will bring the new total amount available for Cybersecurity actions under DEP to EUR 842.8 million. Part of the additional EUR 100 million will reinforce the budget managed by the ECCC to implement actions on SOCs and preparedness as part of their Work Programme(s). Moreover, the additional funding will serve to support the establishment of the EU Cybersecurity Reserve.

It complements the budget already foreseen for similar actions in the main DEP and Cybersecurity DEP WP from the period 2023-2027 which could bring the total to 551 million for 2023-2027, while 115 million were dedicated already in the form of pilots for 2021-2022. Including Member States contributions, the overall budget could amount up to EUR 1.109 billion.

Documents

COM(2023)0209
EUR-Lex

Documents

Text adopted by Parliament, 1st reading/single reading: T9-0355/2024
Decision by Parliament, 1st reading: T9-0355/2024
Coreper letter confirming interinstitutional agreement: GEDA/A/(2024)001689
Text agreed during interinstitutional negotiations: PE760.882
Approval in committee of the text agreed at 1st reading interinstitutional negotiations: PE760.882
Contribution: COM(2023)0209
Committee report tabled for plenary, 1st reading: A9-0426/2023
Committee of the Regions: opinion: CDR2191/2023
Committee opinion: PE750.145
Committee opinion: PE752.607
Amendments tabled in committee: PE753.628
Contribution: COM(2023)0209
Committee draft report: PE752.795
Contribution: COM(2023)0209
Economic and Social Committee: opinion, report: CES2408/2023
Contribution: COM(2023)0209
Legislative proposal published: COM(2023)0209
Legislative proposal published: EUR-Lex
Economic and Social Committee: opinion, report: CES2408/2023
Committee draft report: PE752.795
Amendments tabled in committee: PE753.628
Committee opinion: PE752.607
Committee opinion: PE750.145
Committee of the Regions: opinion: CDR2191/2023
Text agreed during interinstitutional negotiations: PE760.882
Coreper letter confirming interinstitutional agreement: GEDA/A/(2024)001689
Text adopted by Parliament, 1st reading/single reading: T9-0355/2024
Contribution: COM(2023)0209
Contribution: COM(2023)0209
Contribution: COM(2023)0209
Contribution: COM(2023)0209

Activities

Lina GÁLVEZ MUÑOZ
Plenary Speeches (1)
- 2024/04/24 Cyber Solidarity Act (A9-0426/2023 - Lina Gálvez Muñoz) (vote)

Votes

A9-0426/2023 – Lina Gálvez Muñoz – Provisional agreement – Am 2 #

2024/04/24 Outcome: +: 470, 0: 86, -: 23

		FR	DE	IT	PL	ES	RO	SE	BE	HU	CZ	AT	BG	HR	SK	NL	FI	DK	EL	PT	LT	SI	LV	EE	IE	LU	MT
	Total	72	81	45	43	54	21	20	21	15	21	17	13	11	12	28	13	11	12	17	9	7	8	7	11	6	4
PPE	146	France PPE For (7) Anne SANDER, Arnaud DANJEAN, Brice HORTEFEUX, François-Xavier BELLAMY, Laurence SAILLIET, Nadine MORANO, Nathalie COLIN-OESTERLÉ 7	Germany PPE For (26) Andreas SCHWAB, Angelika NIEBLER, Axel VOSS, Christian DOLESCHAL, Christian EHLER, David McALLISTER, Dennis RADTKE, Hildegard BENTELE, Jens GIESEKE, Karolin BRAUNSBERGER-REINHOLD, Lena DÜPONT, Manfred WEBER, Marion WALSMANN, Markus FERBER, Markus PIEPER, Marlene MORTLER, Michael GAHLER, Niclas HERBST, Niels GEUKING, Peter JAHR, Peter LIESE, Rainer WIELAND, Ralf SEEKATZ, Sabine VERHEYEN, Stefan BERGER, Sven SIMON 26	Italy PPE For (6) Caterina CHINNICI, Herbert DORFMANN, Lara COMI, Lucia VUOLO, Matteo GAZZINI, Stefania ZAMBELLI 6	Poland PPE For (13) Adam JARUBAS, Danuta Maria HÜBNER, Elżbieta Katarzyna ŁUKACIJEWSKA, Jan OLBRYCHT, Janusz LEWANDOWSKI, Jarosław DUDA, Jarosław KALINOWSKI, Jerzy BUZEK, Krzysztof BREJZA, Magdalena ADAMOWICZ, Tomasz FRANKOWSKI, Witold PAHL, Włodzimierz KARPIŃSKI 13	Spain PPE For (12) Ana COLLADO JIMÉNEZ, Antonio LÓPEZ-ISTÚRIZ WHITE, Francisco José MILLÁN MON, Gabriel MATO, Isabel BENJUMEA BENJUMEA, Javier ZARZALEJOS, José Manuel GARCÍA-MARGALLO Y MARFIL, Juan Ignacio ZOIDO ÁLVAREZ, Leopoldo LÓPEZ GIL, Pablo ARIAS ECHEVERRÍA, Pilar del CASTILLO VERA, Rosa ESTARÀS FERRAGUT 12	Romania PPE For (10) Dan-Ştefan MOTREANU, Daniel BUDA, Gheorghe-Vlad NISTOR, Ioan-Rareş BOGDAN, Iuliu WINKLER, Loránt VINCZE, Marian-Jean MARINESCU, Mircea-Gheorghe HAVA, Siegfried MUREŞAN, Traian BĂSESCU 10	Sweden PPE For (6) Arba KOKALARI, David LEGA, Jessica POLFJÄRD, Jörgen WARBORN, Sara SKYTTEDAL, Tomas TOBÉ 6	Belgium PPE For (4) Benoît LUTGEN, Cindy FRANSSEN, Pascal ARIMONT, Tom VANDENKENDELAERE 4	Hungary PPE For (1) György HÖLVÉNYI 1	Czechia PPE For (5) Jiří POSPÍŠIL, Luděk NIEDERMAYER, Michaela ŠOJDROVÁ, Stanislav POLČÁK, Tomáš ZDECHOVSKÝ 5	Austria PPE For (6) Alexander BERNHUBER, Angelika WINZIG, Barbara THALER, Lukas MANDL, Othmar KARAS, Wolfram PIRCHNER 6	Bulgaria PPE For (7) Alexander ALEXANDROV YORDANOV, Andrey KOVATCHEV, Andrey NOVAKOV, Asim ADEMOV, Emil RADEV, Eva MAYDELL, Radan KANEV 7	Croatia PPE For (3) Karlo RESSLER, Sunčana GLAVAK, Tomislav SOKOL 3	Slovakia PPE For (4) Ivan ŠTEFANEC, Miriam LEXMANN, Peter POLLÁK, Vladimír BILČÍK 4	Netherlands PPE For (6) Anja HAGA, Annie SCHREIJER-PIERIK, Antonius MANDERS, Henk Jan ORMEL, Jeroen LENAERS, Tom BERENDSEN 6	Finland PPE For (3) Henna VIRKKUNEN, Petri SARVAMAA, Sirpa PIETIKÄINEN 3	Denmark PPE For (1) Pernille WEISS 1	Greece PPE For (4) Anna-Michelle ASIMAKOPOULOU, Elissavet VOZEMBERG-VRIONIDI, Manolis KEFALOGIANNIS, Vangelis MEIMARAKIS 4	Portugal PPE For (4) Ana Miguel DOS SANTOS, Carlos COELHO, Lídia PEREIRA, Teófilo SANTOS 4	Lithuania PPE For (4) Andrius KUBILIUS, Aušra SEIBUTYTĖ, Liudas MAŽYLIS, Rasa JUKNEVIČIENĖ 4	Slovenia PPE For (3) Franc BOGOVIČ, Milan ZVER, Romana TOMC 3	Latvia PPE For (3) Dace MELBĀRDE, Inese VAIDERE, Sandra KALNIETE 3	Estonia PPE For (1) Riho TERRAS 1	Ireland PPE For (4) Colm MARKEY, Deirdre CLUNE, Frances FITZGERALD, Seán KELLY 4	Luxembourg PPE For (2) Isabel WISELER-LIMA, Martine KEMP 2	Malta PPE For (1) David CASA 1
S&D	111	France S&D For (7) Aurore LALUCQ, Christophe CLERGEAU, Nora MEBAREK, Pascal DURAND, Pierre LARROUTUROU, Raphaël GLUCKSMANN, Sylvie GUILLAUME 7	Germany S&D For (12) Delara BURKHARDT, Dietmar KÖSTER, Gabriele BISCHOFF, Jens GEIER, Joachim SCHUSTER, Karsten LUCKE, Maria NOICHL, Matthias ECKE, René REPASI, Thomas RUDNER, Tiemo WÖLKEN, Udo BULLMANN 12	Italy S&D For (7) Achille VARIATI, Daniela RONDINELLI, Franco ROBERTI, Giuliano PISAPIA, Irene TINAGLI, Mercedes BRESSO, Paolo DE CASTRO 7	Poland S&D For (6) Bogusław LIBERADZKI, Leszek MILLER, Marek BELKA, Marek Paweł BALT, Robert BIEDROŃ, Włodzimierz CIMOSZEWICZ 6	Spain S&D For (21) Alicia HOMS GINEL, Clara AGUILERA, Cristina MAESTRE MARTÍN DE ALMAGRO, César LUENA, Domènec RUIZ DEVESA, Eider GARDIAZABAL RUBIAL, Estrella DURÁ FERRANDIS, Ibán GARCÍA DEL BLANCO, Inma RODRÍGUEZ-PIÑERO, Iratxe GARCÍA PÉREZ, Isabel GARCÍA MUÑOZ, Javi LÓPEZ, Javier MORENO SÁNCHEZ, Jonás FERNÁNDEZ, Juan Fernando LÓPEZ AGUILAR, Laura BALLARÍN CEREZA, Lina GÁLVEZ MUÑOZ, Marcos ROS SEMPERE, Mónica Silvana GONZÁLEZ, Nacho SÁNCHEZ AMOR, Nicolás GONZÁLEZ CASARES 21	Romania S&D For (2) Dan NICA, Rovana PLUMB 2	Sweden S&D For (5) Carina OHLSSON, Evin INCIR, Heléne FRITZON, Ilan DE BASSO, Linus GLANZELIUS 5	Belgium S&D For (2) Kathleen VAN BREMPT, Maria ARENA 2	Hungary S&D For (5) Attila ARA-KOVÁCS, Csaba MOLNÁR, István UJHELYI, Klára DOBREV, Sándor RÓNAI 5	Czechia S&D For (1) Radka MAXOVÁ 1	Austria S&D For (5) Andreas SCHIEDER, Evelyn REGNER, Günther SIDL, Hannes HEIDE, Theresa BIELOWSKI 5	Bulgaria S&D For (2) Ivo HRISTOV, Petar VITANOV 2	Croatia S&D For (4) Biljana BORZAN, Predrag Fred MATIĆ, Romana JERKOVIĆ, Tonino PICULA 4	Slovakia S&D For (1) Robert HAJŠEL 1	Netherlands S&D Abstain (6) Agnes JONGERIUS, Lara WOLTERS, Mohammed CHAHIM, Paul TANG, Thijs REUTEN, Vera TAX 6	Finland S&D For (2) Eero HEINÄLUOMA, Miapetra KUMPULA-NATRI 2	Denmark S&D For (2) Christel SCHALDEMOSE, Marianne VIND 2	Greece S&D For (1) Nikos PAPANDREOU 1	Portugal S&D For (8) Isabel CARVALHAIS, Isabel SANTOS, João ALBUQUERQUE, Margarida MARQUES, Maria-Manuel LEITÃO-MARQUES, Pedro MARQUES, Pedro SILVA PEREIRA, Sara CERDAS 8	Lithuania S&D For (2) Juozas OLEKAS, Vilija BLINKEVIČIŪTĖ 2	Slovenia S&D For (2) Matjaž NEMEC, Milan BRGLEZ 2	Latvia S&D For (2) Andris AMERIKS, Nils UŠAKOVS 2	Estonia S&D For (2) Marina KALJURAND, Sven MIKSER 2		Luxembourg S&D For (1) Marc ANGEL 1	Malta S&D For (3) Alfred SANT, Cyrus ENGERER, Josianne CUTAJAR 3
Renew	93	France Renew For (22) Bernard GUETTA, Catherine AMALRIC, Catherine CHABAUD, Christophe GRUDLER, Dominique RIQUET, Fabienne KELLER, Gilles BOYER, Guy LAVOCAT, Ilana CICUREL, Irène TOLLERET, Jérémy DECERLE, Laurence FARRENG, Marie-Pierre VEDRENNE, Max ORVILLE, Pascal CANFIN, Pierre KARLESKIND, Salima YENBOU, Sandro GOZI, Stéphane BIJOUX, Stéphanie YON-COURTIN, Sylvie BRUNET, Valérie HAYER 22	Germany Renew For (7) Andreas GLÜCK, Engin EROGLU, Jan-Christoph OETJEN, Michael KAUCH, Moritz KÖRNER, Svenja HAHN, Ulrike MÜLLER 7	Italy Renew For (3) Fabio Massimo CASTALDO, Marco ZULLO, Nicola DANTI 3	Poland Renew For (1) Róża THUN UND HOHENSTEIN 1	Spain Renew For (7) Eva Maria POPTCHEVA, Izaskun BILBAO BARANDICA, Javier NART, Jordi CAÑAS, José Ramón BAUZÁ DÍAZ, Maite PAGAZAURTUNDÚA, María Soraya RODRÍGUEZ RAMOS 7	Romania Renew For (7) Alin MITUȚA, Dacian CIOLOŞ, Dragoş PÎSLARU, Dragoş TUDORACHE, Ramona STRUGARIU, Vlad GHEORGHE, Vlad-Marius BOTOŞ 7	Sweden Renew For (3) Abir AL-SAHLANI, Emma WIESNER, Karin KARLSBRO 3	Belgium Renew For (4) Frédérique RIES, Guy VERHOFSTADT, Hilde VAUTMANS, Olivier CHASTEL 4	Hungary Renew For (1) Katalin CSEH 1	Czechia Renew For (5) Dita CHARANZOVÁ, Martin HLAVÁČEK, Martina DLABAJOVÁ, Ondřej KNOTEK, Ondřej KOVAŘÍK 5	Austria Renew For (1) Claudia GAMON 1	Bulgaria Renew For (2) Atidzhe ALIEVA-VELI, Ilhan KYUCHYUK 2	Croatia Renew For (1) Valter FLEGO 1	Slovakia Renew For (3) Jozef MIHÁL, Lucia ĎURIŠ NICHOLSONOVÁ, Martin HOJSÍK 3	Netherlands Renew For (7) Bart GROOTHUIS, Caroline NAGTEGAAL, Catharina RINZEMA, Jan HUITEMA, Malik AZMANI, Samira RAFAELA, Sophia IN 'T VELD 7	Finland Renew For (3) Elsi KATAINEN, Mauri PEKKARINEN, Nils TORVALDS 3	Denmark Renew For (5) Asger CHRISTENSEN, Erik POULSEN, Karen MELCHIOR, Morten LØKKEGAARD, Morten PETERSEN 5	Greece Renew For (1) Georgios KYRTSOS 1			Slovenia Renew For (2) Irena JOVEVA, Klemen GROŠELJ 2	Latvia Renew For (1) Ivars IJABS 1	Estonia Renew For (3) Andrus ANSIP, Jana TOOM, Urmas PAET 3	Ireland Renew For (2) Barry ANDREWS, Billy KELLEHER 2	Luxembourg Renew For (2) Charles GOERENS, Monica SEMEDO 2
ECR	57	France ECR For (1) Nicolas BAY 1	Germany ECR For (1) Lars Patrick BERG 1	Italy ECR For (5) Carlo FIDANZA, Chiara GEMMA, Denis NESCI, Pietro FIOCCHI, Sergio BERLATO 5	Poland ECR For (22) Andżelika Anna MOŻDŻANOWSKA, Anna FOTYGA, Anna ZALEWSKA, Beata KEMPA, Beata MAZUREK, Beata SZYDŁO, Bogdan RZOŃCA, Dominik TARCZYŃSKI, Elżbieta KRUK, Elżbieta RAFALSKA, Grzegorz TOBISZOWSKI, Izabela-Helena KLOC, Jacek SARYUSZ-WOLSKI, Jadwiga WIŚNIEWSKA, Joanna KOPCIŃSKA, Krzysztof JURGIEL, Patryk JAKI, Ryszard Antoni LEGUTKO, Ryszard CZARNECKI, Tomasz Piotr PORĘBA, Witold Jan WASZCZYKOWSKI, Zdzisław KRASNODĘBSKI 22	Spain ECR For (4) Hermann TERTSCH, Jorge BUXADÉ VILLALBA, Margarita DE LA PISA CARRIÓN, Mazaly AGUILAR 4	Romania ECR For (1) Cristian TERHEŞ 1	Sweden ECR For (3) Charlie WEIMERS, Johan NISSINEN, Peter LUNDGREN 3	Belgium ECR For (3) Assita KANKO, Geert BOURGEOIS, Johan VAN OVERTVELDT 3		Czechia ECR For (4) Alexandr VONDRA, Evžen TOŠENOVSKÝ, Jan ZAHRADIL, Veronika VRECIONOVÁ 4		Bulgaria ECR For (2) Andrey SLABAKOV, Angel DZHAMBAZKI 2	Croatia ECR For (1) Ladislav ILČIĆ 1	Slovakia ECR Abstain (1) Eugen JURZYCA 1	Netherlands ECR For (1) Bert-Jan RUISSEN Against (3) Dorien ROOKMAKER, Rob ROOKEN, Robert ROOS Abstain (1) Michiel HOOGEVEEN 5	Finland ECR For (1) Pirkko RUOHONEN-LERNER 1		Greece ECR Abstain (1) Emmanouil FRAGKOS 1		Lithuania ECR For (1) Waldemar TOMASZEWSKI 1		Latvia ECR For (1) Roberts ZĪLE 1
ID	45	France ID For (14) André ROUGÉ, Annika BRUNA, Aurélia BEIGNEUX, Catherine GRISET, Dominique BILDE, France JAMET, Gilles LEBRETON, Jean-Paul GARRAUD, Jordan BARDELLA, Marie DAUCHY, Mathilde ANDROUËT, Patricia CHAGNON, Thierry MARIANI, Virginie JORON 14	Germany ID Abstain (8) Bernhard ZIMNIOK, Christine ANDERSON, Guido REIL, Gunnar BECK, Joachim KUHS, Markus BUCHHEIT, Nicolaus FEST, Sylvia LIMMER 8	Italy ID For (15) Alessandro PANZA, Annalisa TARDINO, Antonio Maria RINALDI, Elena LIZZI, Gianna GANCIA, Isabella TOVAGLIERI, Marco CAMPOMENOSI, Marco ZANNI, Maria Veronica ROSSI, Massimo CASANOVA, Matteo ADINOLFI, Paola GHIDONI, Silvia SARDONE, Susanna CECCARDI, Valentino GRANT 15					Belgium ID For (3) Filip DE MAN, Gerolf ANNEMANS, Tom VANDENDRIESSCHE 3		Czechia ID For (1) Ivan DAVID 1	Austria ID For (2) Georg MAYER, Roman HAIDER 2						Denmark ID Abstain (1) Anders VISTISEN 1						Estonia ID Abstain (1) Jaak MADISON 1
NI	34	France NI For (3) Hervé JUVIN, Jérôme RIVIÈRE, Maxette PIRBAKAS 3	Germany NI For (1) Jörg MEUTHEN Abstain (1) Martin SONNEBORN 2	Italy NI For (6) Dino GIARRUSSO, Laura FERRARA, Maria Angela DANZÌ, Mario FURORE, Sabrina PIGNEDOLI, Tiziana BEGHIN Abstain (1) Andrea COZZOLINO 7		Spain NI Abstain (1) Clara PONSATÍ OBIOLS 1	Romania NI For (1) Tudor CIUHODARU 1		Belgium NI For (1) Marc TARABELLA 1	Hungary NI For (8) Andor DELI, Andrea BOCSKOR, Edina TÓTH, Enikő GYŐRI, Kinga GÁL, Lívia JÁRÓKA, Tamás DEUTSCH, Ádám KÓSA 8	Czechia NI Against (1) Hynek BLAŠKO 1			Croatia NI For (2) Ivan Vilibor SINČIĆ, Mislav KOLAKUŠIĆ 2	Slovakia NI For (3) Katarína ROTH NEVEĎALOVÁ, Milan UHRÍK, Miroslav RADAČOVSKÝ 3	Netherlands NI Against (1) Marcel de GRAAFF 1			Greece NI For (2) Athanasios KONSTANTINOU, Eva KAILI Against (1) Kostas PAPADAKIS 3				Latvia NI Against (1) Tatjana ŽDANOKA 1
Verts/ALE	66	France Verts/ALE Abstain (12) Benoît BITEAU, Caroline ROOSE, Claude GRUFFAT, Damien CARÊME, David CORMAND, François ALFONSI, François THIOLLET, Gwendoline DELBOS-CORFIELD, Karima DELLI, Lydie MASSARD, Marie TOUSSAINT, Mounir SATOURI 12	Germany Verts/ALE For (3) Hannah NEUMANN, Pierrette HERZBERGER-FOFANA, Rasmus ANDRESEN Abstain (20) Alexandra GEESE, Anna CAVAZZINI, Anna DEPARNAY-GRUNENBERG, Damian BOESELAGER, Daniel FREUND, Erik MARQUARDT, Henrike HAHN, Jan OVELGÖNNE, Jutta PAULUS, Katrin LANGENSIEPEN, Manuela RIPA, Martin HÄUSLING, Michael BLOSS, Niklas NIENASS, Patrick BREYER, Reinhard BÜTIKOFER, Sergey LAGODINSKY, Ska KELLER, Terry REINTKE, Viola VON CRAMON-TAUBADEL 23	Italy Verts/ALE Abstain (2) Ignazio CORRAO, Rosa D'AMATO 2	Poland Verts/ALE Abstain (1) Sylwia SPUREK 1	Spain Verts/ALE Abstain (3) Ana MIRANDA, Diana RIBA I GINER, Jordi SOLÉ 3		Sweden Verts/ALE For (3) Alice KUHNKE, Jakop G. DALUNDE, Pär HOLMGREN 3	Belgium Verts/ALE Abstain (3) Philippe LAMBERTS, Sara MATTHIEU, Saskia BRICMONT 3		Czechia Verts/ALE Abstain (3) Marcel KOLAJA, Markéta GREGOROVÁ, Mikuláš PEKSA 3	Austria Verts/ALE Abstain (3) Monika VANA, Sarah WIENER, Thomas WAITZ 3				Netherlands Verts/ALE Abstain (3) Bas EICKHOUT, Kim VAN SPARRENTAK, Tineke STRIK 3	Finland Verts/ALE Abstain (3) Alviina ALAMETSÄ, Heidi HAUTALA, Ville NIINISTÖ 3	Denmark Verts/ALE For (1) Margrete AUKEN 1		Portugal Verts/ALE Abstain (1) Francisco GUERREIRO 1	Lithuania Verts/ALE Abstain (2) Bronis ROPĖ, Stasys JAKELIŪNAS 2				Ireland Verts/ALE Abstain (2) Ciarán CUFFE, Grace O'SULLIVAN 2	Luxembourg Verts/ALE Abstain (1) Tilly METZ 1
The Left	27	France The Left For (1) Emmanuel MAUREL Abstain (5) Anne-Sophie PELLETIER, Leila CHAIBI, Manon AUBRY, Marina MESURE, Younous OMARJEE 6	Germany The Left Against (2) Cornelia ERNST, Özlem DEMIREL 2			Spain The Left Against (6) Esther SANZ SELVA, Eugenia RODRÍGUEZ PALOP, Idoia VILLANUEVA RUIZ, Manu PINEDA, Miguel URBÁN CRESPO, Patricia CARO MAYA 6			Belgium The Left Against (1) Marc BOTENGA 1		Czechia The Left Against (1) Kateřina KONEČNÁ 1						Finland The Left For (1) Silvia MODIG 1	Denmark The Left For (1) Nikolaj VILLUMSEN 1	Greece The Left For (2) Dimitrios PAPADIMOULIS, Elena KOUNTOURA 2	Portugal The Left Against (4) Anabela RODRIGUES, José GUSMÃO, João PIMENTA LOPES, Sandra PEREIRA 4					Ireland The Left For (1) Chris MACMANUS Against (2) Clare DALY, Luke Ming FLANAGAN 3

Amendments	Dossier
171	2023/0109(COD) 2023/09/22 ITRE 171 amendments... Amendment 100 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 2 – paragraph 1 – point 11 (11) ‘trusted managed security service providers’ means managed security service providers as defined in Article 6, point (40), of Directive (EU) 2022/2555 selected to be included in the EU Cybersecurity Reserve in accordance with Article 16 of this Regulation. Amendment 101 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 3 – paragraph 1 – subparagraph 1 An interconnected pan-European infrastructure of Security Operations Centres (‘European Cyber Shield’) shall be established to develop advanced capabilities for the Union to detect, analyse and process data on cyber threats and prevent incidents in the Union. It shall consist of all National Security Operations Centres (‘National SOCs’) and Cross- border Security Operations Centres (‘Cross-border SOCs’). Amendment 102 # Johan NISSINEN Proposal for a regulation Article 3 – paragraph 2 – subparagraph 1 – point a (a) pool and share data on cyber threats and incidents from various sources through voluntary sharing of information from cross-border SOCs; Amendment 103 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 3 – paragraph 2 – subparagraph 1 – point a (a) pool and share data on cyber threats and incidents from various sources through cross-border SOCs both at national and EU level; Amendment 104 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 3 – paragraph 2 – subparagraph 1 – point c (c) contribute to better protection and response to cyber threats, including by providing concrete recommendations to entities; Amendment 105 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 3 – paragraph 2 – subparagraph 1 – point d (d) contribute to faster detection of cyber threats and situational awareness across the Union, including by gathering pro-active intelligence; Amendment 106 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 3 – paragraph 2 – subparagraph 1 – point e (e) provide services and activities for the cybersecurity community in the Union, including contributing to the development of advanced artificial intelligence and data analytics tools. Amendment 107 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 4 – title ~~National Security Operations Centres~~Strengthened cooperation and information sharing at national level Amendment 108 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 4 – paragraph 1 – subparagraph 1 In order to ~~participa~~contribute into the European Cyber Shield, each Member State shall designate ~~at least~~ one of its Computer security incident response ~~National SOC. The National SOC shall be a public body~~teams (CSIRTs), referred to in Article 10 of Directive (EU) 2022/2555, as a Information Sharing and Analysis Centre (ISAC). Amendment 109 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 4 – paragraph 1 – subparagraph 1 a (new) Private and public organisations or national authorities, particularly entities operating in critical or highly critical sectors, shall be encouraged to establish and operate their autonomous or shared SOCs. Amendment 110 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 4 – paragraph 1 – subparagraph 2 It shall have the capacity to act as a reference point and gateway to other public and private organisations at national level for collecting and analysing information on cybersecurity threats and ~~incidents and~~ contributing to a Cross-border SOC. It shall be equipped with state-of-the-art technologies capable of detecting, aggregating, and analysing data relevant to cybersecurity threats and incidents. It or the national CSIRT may request telemetry, sensor or logging data that pertain to sectors of high criticality as defined in 2022/2555 from trusted providers or managed security service providers. This data may only be shared to support the tasks and responsibilities of the national SOC or CSIRT in detecting and preventing cybersecurity incidents. Amendment 111 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 4 – paragraph 1 – subparagraph 2 It shall have the capacity to act as a reference point and gateway toprimarily to SOCs established by private and public entities or national authorities, other CSIRTs of the same Member State, coordinator for the management of large- scale cybersecurity incidents and crises, as well as for other public and private organisations at national level for collecting and analysing information on cybersecurity threats and incidents, and ~~contributing to a Cross-border SOC~~, where relevant, sharing those information with other members of the CSIRTs network. It shall be equipped with state-of- the-art technologies capable of detecting, aggregating, and analysing data relevant to cybersecurity threats and incidents. Amendment 112 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 4 – paragraph 1 – subparagraph 2 It shall have the capacity to act as a reference point and gateway to other public and private organisations at national level, particularly their SOCs, for collecting and analysing information on cybersecurity threats and incidents and contributing to a Cross-border SOC. It shall be equipped with state-of-the-art technologies capable of detecting, aggregating, and analysing data relevant to cybersecurity threats and incidents. Amendment 113 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 4 – paragraph 2 2. Following a call for expression of interest, National SOCs shall be selected by the European Cybersecurity Competence Centre (‘ECCC’) to participate in a joint procurement of tools and infrastructures with the ECCC. The ECCC may award grants to the selected National SOCs to fund the operation of those tools and infrastructures. The Union financial contribution shall cover up to 50% of the acquisition costs of the tools and infrastructures, and up to 50% of the operation costs, with the remaining costs to be covered by the Member State. Before launching the procedure for the acquisition of the tools and infrastructures, the ECCC and the National SOC shall conclude a hosting and usage agreement regulating the usage of the tools and infrastructures.deleted Amendment 114 # Ville NIINISTÖ Proposal for a regulation Article 4 – paragraph 2 2. Following a call for expression of interest, National SOCs ~~shall~~may be selected by the European Cybersecurity Competence Centre (‘ECCC’) to participate in a joint procurement of tools and infrastructures with the ECCC. The ECCC may award grants to the selected National SOCs to fund the operation of those tools and infrastructures. The Union financial contribution shall cover up to 50% of the acquisition costs of the tools and infrastructures, and up to 50% of the operation costs, with the remaining costs to be covered by the Member State. Before launching the procedure for the acquisition of the tools and infrastructures, the ECCC and the National SOC shall conclude a hosting and usage agreement regulating the usage of the tools and infrastructures. Amendment 115 # Evžen TOŠENOVSKÝ 3. A National SOC selected pursuant to paragraph 2 shall commit to apply to participate in a Cross-border SOC within two years from the date on which the tools and infrastructures are acquired, or on which it receives grant funding, whichever occurs sooner. If a National SOC is not a participant in a Cross-border SOC by that time, it shall not be eligible for additional Union support under this Regulation.deleted Amendment 116 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 5 – title ~~Cross-border Security Operations Cent~~Joint procurement of tools and infrastructures Amendment 117 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 5 – paragraph 1 1. A Hosting Consortium consisting of at least three Member States, represented by National SOCs, committed to working together to coordinate their cyber-detection and threat monitoring activities shall be eligible to participate in actions to establish a Cross-border SOC.deleted Amendment 118 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 5 – paragraph 2 2. Following a call for expression of interest, a ~~Hosting Consortium shall~~CSIRTs-ISACs may be selected by the ECCC to participate in a joint procurement of tools and infrastructures with the ECCC. The ECCC may award to ~~the Hosting Consortium~~CSIRTs-ISACs a grant to fund the operation of the tools and infrastructures. The Union financial contribution shall cover up to 75% of the acquisition costs of the tools and infrastructures, and up to 50% of the operation costs, with the remaining costs to be covered by ~~the Hosting Consortium~~CSIRTs-ISACs. Before launching the procedure for the acquisition of the tools and infrastructures, the ECCC and ~~the Hosting Consortium~~participating CSIRT-ISAC shall conclude a hosting and usage agreement regulating the usage of the tools and infrastructures, including their usage by other CSIRTs and SOCs in that Member State. Amendment 119 # Ville NIINISTÖ Proposal for a regulation Article 5 – paragraph 2 2. Following a call for expression of interest, a Hosting Consortium ~~shall~~may be selected by the ECCC to participate in a joint procurement of tools and infrastructures with the ECCC. The ECCC may award to the Hosting Consortium a grant to fund the operation of the tools and infrastructures. The Union financial contribution shall cover up to 75% of the acquisition costs of the tools and infrastructures, and up to 50% of the operation costs, with the remaining costs to be covered by the Hosting Consortium. Before launching the procedure for the acquisition of the tools and infrastructures, the ECCC and the Hosting Consortium shall conclude a hosting and usage agreement regulating the usage of the tools and infrastructures. Amendment 120 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 5 – paragraph 2 a (new) 2a. Procurement from and participation of a private entity that is established in a like-minded third country should be allowed if it does not contravene the security and defence interests of the Union and the Member States as established in the framework of the common foreign and security policy pursuant to Title V of the TEU, or the objectives set out in this Regulation. Those private entities should not be controlled by a non-associated third country or they shall have been subject to screening within the meaning of Regulation (EU) 2019/452 of the European Parliament and of the Council. Amendment 121 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 5 – paragraph 3 ~~3. Members of the Hosting Consortium shall conclude a written consortium agreement which sets out their internal arrangements for implementing the hosting and usage Agreement.~~deleted Amendment 122 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 5 – paragraph 4 4. A Cross-border SOC shall be represented for legal purposes by a National SOC acting as coordinating SOC, or by the Hosing Consortium if it has legal personality. The co-ordinating SOC shall be responsible for compliance with the requirements of the hosting and usage agreement and of this Regulation.deleted Amendment 123 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 6 – title CStrenghtened cooperation and information sharing ~~within and between cross-border SOCs~~at EU level Amendment 124 # Johan NISSINEN Proposal for a regulation Article 6 – paragraph 1 – introductory part 1. Members of a Hosting Consortium ~~shall~~may exchange relevant information among themselves within the Cross-border SOC including information relating to cyber threats, near misses, vulnerabilities, techniques and procedures, indicators of compromise, adversarial tactics, threat- actor-specific information, cybersecurity alerts and recommendations regarding the configuration of cybersecurity tools to detect cyber attacks, where such information sharing: Amendment 125 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 6 – paragraph 1 – introductory part 1. ~~Members of a Hosting Consortium~~CSIRTs-ISACs and other CSIRTs shall exchange relevant information among themselves within the C~~ross-border SOC~~SIRTs Network, including information relating to cyber threats, near misses, vulnerabilities, techniques and procedures, indicators of compromise, adversarial tactics, threat- actor-specific information, cybersecurity alerts and recommendations regarding the configuration of cybersecurity tools to detect cyber attacks, where such information sharing: Amendment 126 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 6 – paragraph 1 – point a (a) aim~~s to prevent, detect, respond to or recover from incidents~~proves the exchange of cyber threat intelligence between SOCs and industry ISACs with the aim to prevent, detect, or to mitigate ~~their impact~~incidents; Amendment 127 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 6 – paragraph 2 – introductory part 2. The ~~written consortium agreement referred to in Article 5(3) shall~~information and intelligence sharing agreement among CSIRTs-ISACs, or where relevant, other CSIRTs, may establish: Amendment 128 # Johan NISSINEN Proposal for a regulation Article 6 – paragraph 2 – point a (a) a commitment to ~~share a significant amount of~~voluntarily share data referred to in paragraph 1, and the conditions under which that information is to be exchanged; Amendment 129 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 6 – paragraph 2 – point a (a) a commitment to share a significant ~~amount of~~ data referred to in paragraph 1, and the conditions under which that information is to be exchanged; Amendment 130 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 6 – paragraph 3 3. To encourage exchange of information between Cross-border SOCs, Cross-border SOCs shall ensure a high level of interoperability between themselves. To facilitate the interoperability between the Cross-border SOCs, the Commission may, by means of implementing acts, after consulting the ECCC, specify the conditions for this interoperability. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation.deleted Amendment 131 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 6 – paragraph 3 3. To encourage exchange of information ~~between~~amongst Cross-border SOCs and with industry ISACs, Cross-border SOCs shall ensure a high level of interoperability between themselves and, where possible with industry ISACs. To facilitate the interoperability between the Cross-border SOCs~~, the Commission may, by means of implementing acts, after consulting the ECCC, specify the conditions for this interoperability. Those implementing~~ and with industry ISACs, information sharing standards and protocols should be harmonized with international standards and industry best practices. The ECCC may also request the Commission by means of delegated acts to propose the conditions for this interoperability in close coordination with the regional SOCs and on the basis of international standards and industry best practices. Those delegated acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation. Amendment 132 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 6 – paragraph 3 3. To encourage exchange of information between Cross-border SOCs, Cross-border SOCs shall ensure a high level of interoperability between themselves. ~~To facilitate the interoperability between~~Joint procurement of cyber infrastructures, services and tools may facilitate the interoperability between the Cross-border SOCs. To specify the conditions for interoperability of the Cross-border SOCs, the Commission, may, by means of implementing acts, after consulting the ECCC and ENISA, specify the conditions for this interoperability. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation. Amendment 133 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 6 – paragraph 4 ~~4. Cross-border SOCs shall conclude cooperation agreements with one another, specifying information sharing principles among the cross-border platforms.~~deleted Amendment 134 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 6 – paragraph 4 4. Cross-border SOCs shall conclude cooperation agreements with one another, specifying information sharing principles among the cross-border platforms, taking into consideration already existing relevant information sharing mechanisms under the Directive (EU) 2022/2555. In the context of a potential or ongoing large-scale cybersecurity incident, information sharing mechanisms shall comply with the relevant provisions under the Directive (EU) 2022/2555. Amendment 135 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 6 – paragraph 4 4. Cross-border SOCs shall conclude cooperation agreements with one another and with industry ISACs, specifying information sharing and interoperability principles among the cross-border platforms. Amendment 136 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 7 – title Cooperation and information sharing with ~~Union entities~~the CSIRT network Amendment 137 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN 1. Where the Cross-border SOCs obtain information relating to a potential or ongoing large-scale cybersecurity incident~~, they~~ for the purpose of shared situation awareness, the coordinating SOC shall provide the relevant information to its CSIRT or competent authority, which will report this to the EU=CyCLONe, the CSIRTs network and the Commission, in view of their respective crisis management roles and procedures in accordance with Directive (EU) 2022/2555 without undue delay. Amendment 138 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 7 – paragraph 1 1. Where the Cross-border SOCs obtain information relating to a potential or ongoing large-scale cybersecurity incident, they shall provide relevant information to EU=CyCLONe, the CSIRTs network and the Commission~~, in view of~~ and ENISA, in line with their respective crisis management roles in accordance with Directive (EU) 2022/2555 without undue delay. Amendment 139 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 7 – paragraph 1 1. Where the C~~ross-border SO~~SIRTs-ISACs obtain information relating to a potential or ongoing large-scale cybersecurity incident, they shall provide relevant information to EU=-CyCLONe, and the CSIRTs network ~~and the Commission~~, in view of their respective crisis management roles in accordance with Directive (EU) 2022/2555 without undue delay. Amendment 140 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 7 – paragraph 2 2. The Commission may, by means of implementing acts, determine the procedural arrangements for the information sharing provided for in paragraphs 1. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation.deleted Amendment 141 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 7 – paragraph 2 2. The Commission may, after consulting the cross-border platforms and the CSIRT network, by means of implementing acts, determine the procedural arrangements for the information sharing provided for in paragraphs 1. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation and in accordance with Directive (EU) 2022/2555. Amendment 142 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 7 – paragraph 2 2. The Commission may, after consulting ENISA, by means of implementing acts, determine the procedural arrangements for the information sharing provided for in paragraphs 1. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation. Amendment 143 # Johan NISSINEN Proposal for a regulation Article 8 – paragraph 1 1. Member States participating in the European Cyber Shield shall ensure a high level of confidentiality, data security and physical security of the European Cyber Shield infrastructure, and shall ensure that the infrastructure shall be adequately managed and controlled in such a way as to protect it from threats and to ensure its security and that of the systems, including that of data exchanged through the infrastructure. Amendment 144 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 8 – paragraph 3 3. The Commission may adopt implementing acts laying down technical requirements for Member States to comply with their obligation under paragraph 1 and 2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation. In doing so, the Commission, supported by the High Representative, shall take into account relevant defence-level security standards, in order to facilitate cooperation with military actors.deleted Amendment 145 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 8 – paragraph 3 3. The Commission may adopt implementing acts laying down technical requirements for Member States to comply with their obligation under paragraph 1 and 2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation and with Directive (EU) 2022/2555 and 2022/2557. In doing so, the Commission, supported by the High Representative, shall take into account relevant defence-level security standards, in order to facilitate cooperation with military actors. Amendment 146 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 8 – paragraph 3 3. The Commission may adopt implementing acts, after consulting ENISA, laying down technical requirements for Member States to comply with their obligation under paragraph 1 and 2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation. In doing so, the Commission, supported by the High Representative, shall take into account relevant defence-level security standards, in order to facilitate cooperation with military actors. Amendment 147 # Johan NISSINEN Proposal for a regulation Article 9 – paragraph 1 1. A Cyber Emergency Mechanism is established to improve the Union’s resilience to major cybersecurity threats and prepare for and mitigate, in a spirit of solidarity, the short-term impact of significant and large-scale cybersecurity incidents (the ‘Mechanism’), at the explicit request of the Member State(s) concerned. Amendment 148 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 9 – paragraph 1 1. A Cyber Emergency Mechanism is established to improve the Union’s resilience to ~~major~~significant cybersecurity threats and prepare for and mitigate, in a spirit of solidarity, the short-term impact of significant and large-scale cybersecurity incidents (the ‘Mechanism’). Amendment 149 # Johan NISSINEN Proposal for a regulation Article 10 – paragraph 1 – point b (b) response actions, supporting response to and immediate recovery from significant and large-scale cybersecurity incidents, to be provided by trusted providers participating in the EU Cybersecurity Reserve established under Article 12, at the explicit request of the Member State(s) concerned; Amendment 150 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 10 – paragraph 1 – point b (b) response actions, supporting response to and immediate recovery from significant and large-scale cybersecurity incidents, to be provided by trusted managed security service providers participating in the EU Cybersecurity Reserve established under Article 12; Amendment 151 # Ville NIINISTÖ Proposal for a regulation Article 10 – paragraph 1 a (new) 1a. Following the triggering of the cyber emergency mechanism, the Commission shall report each year the assessment of both positive and negative working of the mechanism, including whether further cooperation or training requirements are needed. Amendment 152 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 11 – paragraph 1 1. For the purpose of supporting the coordinated preparedness testing of entities referred to in Article 10(1), point (a), across the Union, the Commission, after consulting the NIS Cooperation Group and ENISA, shall identify the sectors, or sub- sectors, concerned, from the Sectors of High Criticality listed in Annex I to Directive (EU) 2022/2555 from which entities may be subject to the voluntary coordinated preparedness testing, taking into account existing and planned coordinated risk assessments and resilience testing at Union level. Amendment 153 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 11 – paragraph 2 2. The NIS Cooperation Group in cooperation with the Commission, ENISA, and the High Representative, shall develop common risk scenarios and methodologies for the coordinated ~~testing exercises~~preparedness testing. This will inform the identification of sectors, or -subsectors concerned from which entities may be subject to the coordinated prepareness testing as described in paragraph 1. Amendment 154 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 11 – paragraph 2 2. The NIS Cooperation Group in cooperation with the Commission, ENISA, ~~and~~ the High Representative, and the entities that may be subject to the preparedness testing, shall develop common risk scenarios and methodologies for the coordinated testing exercises. Amendment 155 # Johan NISSINEN Proposal for a regulation Article 12 – paragraph 1 1. An EU Cybersecurity Reserve shall be established, in order to assist users referred to in paragraph 3, in responding or providing support for responding to significant or large-scale cybersecurity incidents, and immediate recovery from such incidents, at the explicit request of the Member State(s) concerned and without prejudice to the specific character of the security and defence policy of certain Member States. Amendment 156 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 12 – paragraph 2 2. The EU Cybersecurity Reserve shall consist of incident response services from trusted providers selected in accordance with the criteria laid down in Article 16. The Reserve shall include pre- committed services. The services shall be deployable in all Member States, shall reinforce the Union’s resilience and sovereignty, and improve the Union’s competitiveness. The names of the selected trusted providers and their services shall be kept confidential. Amendment 157 # Johan NISSINEN Proposal for a regulation Article 12 – paragraph 2 2. The EU Cybersecurity Reserve shall consist of incident response services from trusted providers selected in accordance with the criteria laid down in Article 16. The Reserve shall include pre- committed services. The services shall be deployable in all Member States. The EU Cybersecurity Reserve does not limit the need to allow countries to monitor and assess their own needs. Amendment 158 # Evžen TOŠENOVSKÝ 2. The EU Cybersecurity Reserve shall consist of incident response services from trusted managed security service providers selected in accordance with the criteria laid down in Article 16. The Reserve shall include pre- committed services. The services ~~shall be~~may be, upon request, deployable in all Member States. Amendment 159 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 12 – paragraph 3 – point b (b) ~~Union institutions, bodies and agencies~~Third countries refferred to in Article 17 of this Regulation. Amendment 160 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 12 – paragraph 4 4. Users referred to in paragraph 3, point (a), ~~shall~~may, upon request use the services from the EU Cybersecurity Reserve in order to respond or support response to and immediate recovery from significant or large-scale incidents affecting entities operating in critical or highly critical sectors. Amendment 161 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 12 – paragraph 5 5. The Commission shall have overall responsibility for the implementation of the EU Cybersecurity Reserve. The Commission shall determine the priorities and evolution of the EU Cybersecurity Reserve, in coordination with the NIS2 Coordination Group and in line with the requirements of the users referred to in paragraph 3, and shall supervise its implementation, and ensure complementarity, consistency, synergies and links with other support actions under this Regulation as well as other Union actions and programmes. Amendment 162 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 12 – paragraph 5 5. The Commission shall have overall responsibility for the implementation of the EU Cybersecurity Reserve. The Commission in cooperation with ENISA shall determine the priorities and evolution of the EU Cybersecurity Reserve, in line with the requirements of the users referred to in paragraph 3, and shall supervise its implementation, and ensure complementarity, consistency, synergies and links with other support actions under this Regulation as well as other Union actions and programmes. Amendment 163 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 12 – paragraph 6 ~~6. The Commission may entrust the operation and administration of the EU Cybersecurity Reserve, in full or in part, to ENISA, by means of contribution agreements.~~deleted Amendment 164 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 12 – paragraph 6 6. The Commission ~~may~~shall entrust the operation and administration of the EU Cybersecurity Reserve, in full or in part, to ENISA, by means of contribution agreements. Amendment 165 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 12 – paragraph 7 7. In order to support the Commission in establishing the EU Cybersecurity Reserve, ENISA shall prepare a mapping of the services needed, including the needed skills and capacity of the cybersecurity workforce, after consulting Member States and the Commission. ENISA shall prepare a similar mapping, after consulting the Commission and in partnership with the private sector, to identify the needs of third countries eligible for support from the EU Cybersecurity Reserve pursuant to Article 17. The Commission, where relevant, shall consult the High Representative. Amendment 166 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 12 – paragraph 7 7. In order to support the Commission in establishing the EU Cybersecurity Reserve, ENISA shall prepare a mapping of the services needed, after consulting Member States and the Commission. ENISA shall prepare a similar mapping, after consulting the Commission, to identify the needs of third countries eligible for support from the EU Cybersecurity Reserve pursuant to Article 17. The Commission, where relevant, shall consult the High Representative. Representative and inform the Council about the needs of third countries. Amendment 167 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN 7. In order to support the Commission in establishing the EU Cybersecurity Reserve, ENISA shall prepare a mapping of the services needed, after consulting Member States ~~and~~, the Commission, managed security services providers and industry representatives. ENISA shall prepare a similar mapping, after consulting the Commission, to identify the needs of third countries eligible for support from the EU Cybersecurity Reserve pursuant to Article 17. The Commission, where relevant, shall consult the High Representative. Amendment 168 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 12 – paragraph 8 8. The Commission may~~, by means of implementing acts,~~ adopt a Delegated Act in accordance with Article 20a of this Regulation to specify the types and the number of response services required for the EU Cybersecurity Reserve. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2). Amendment 169 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 13 – paragraph 5 – point a (a) ~~appropriate information regarding the~~type of affected entity and potential impacts of the incident and the planned use of the requested support, including an indication of the estimated needs; Amendment 170 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 13 – paragraph 5 – point b (b) ~~information~~general about measures taken to mitigate the incident for which the support is requested, as referred to in paragraph 2; Amendment 171 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 13 – paragraph 5 – point c (c) information about other forms of support available to the affected entity~~, including contractual arrangements in place for incident response and immediate recovery services, as well as insurance contracts potentially covering such type of incident.~~ Amendment 172 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 13 – paragraph 7 7. The Commission may, by means of implementing acts, specify further the detailed arrangements for allocating the EU Cybersecurity Reserve support services. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2).deleted Amendment 173 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 13 – paragraph 7 7. The Commission may~~, by means of implementing acts,~~ adopt delegated acts in accordance with Article 20a of this Regulation to specify further the detailed arrangements for allocating the EU Cybersecurity Reserve support services. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2). Amendment 174 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 14 – paragraph 1 1. Requests for support from the EU Cybersecurity Reserve, shall be assessed by the Commission, with the support of ENISA ~~or as defined in contribution agreements under Article 12(6), and a response~~and its decision shall be transmitted to the users referred to in Article 12(3) without ~~delay~~undue delay and in any event within 24 hours. Amendment 175 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 14 – paragraph 2 – point d (d) the scale and potential cross-border nature of the incident and the risk of spill over to other Member States or users; Amendment 176 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 14 – paragraph 3 3. The EU Cybersecurity Reserve services shall be provided in accordance with specific agreements between the service provider and the user to which the support under the EU Cybersecurity Reserve is provided. Those agreements shall include liability conditions and any other provisions the parties to the agreement deem necessary for the provision of the respective service. Amendment 177 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 14 – paragraph 3 3. The EU Cybersecurity Reserve services shall be provided upon approval of the user and in accordance with specific agreements between the service provider and the user to which the support under the EU Cybersecurity Reserve is provided. Those agreements shall include liability conditions. Amendment 178 # Angelika NIEBLER, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 14 – paragraph 4 4. The agreements referred to in paragraph 3 ~~may~~shall be based on templates prepared by ENISA, after consulting Member States and other users of the reserve. Amendment 179 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 14 – paragraph 5 ~~5. The Commission and ENISA shall bear no contractual liability for damages caused to third parties by the services provided in the framework of the implementation of the EU Cybersecurity Reserve.~~deleted Amendment 180 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 14 – paragraph 5 5. The Commission and ENISA shall bear no contractual liability for damages caused to third parties by the services provided in the framework of the implementation of the EU Cybersecurity Reserve, except in cases of negligence in the evaluation of the application of the service provider, or in cases where the Commission or ENISA are users and are found responsible for damages. Amendment 181 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 14 – paragraph 5 5. The Commission and ENISA shall bear no contractual liability for damages caused to third parties by the services provided in the framework of the implementation of the EU Cybersecurity Reserve, except for cases where the Commission or ENISA are users of the Reserve according to Article 14 (3). Amendment 182 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 14 – paragraph 6 6. Within one month from the end of the support action, the users shall provide Commission and ENISA with a summary report about the service provided, results achieved and the lessons learned. When the user is from a third country as set out in Article 17, such report shall be shared with the High Representative. The report shall respect Union or national law concerning the protection of sensitive or classified information. Amendment 183 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 14 – paragraph 6 6. Within one month from the end of the support action, the users shall provide Commission ~~and ENISA~~, ENISA, CSIRTs Network and, where relevant, EU-CyCLONe with a summary report about the service provided, results achieved and the lessons learned. When the user is from a third country as set out in Article 17, such report shall be shared with the High Representative. Amendment 184 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 14 – paragraph 7 7. The Commission shall report to the NIS Cooperation Group about the use and the results of the support, on a regular basis. It shall protect confidential information, in accordance with Union or national law concerning the protection of sensitive or classified information. Amendment 185 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 14 – paragraph 7 7. The Commission shall report at least twice a year to the NIS Cooperation Group about the use and the results of the support~~, on a regular basis~~. Amendment 186 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 15 – title Coordination of the Cyber Emergency Mechanism with crisis management mechanisms Amendment 187 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 15 – paragraph 3 3. In consultation with the High Representative, support under the Cyber Emergency Mechanism may complement assistance provided in the context of the Common Foreign and Security Policy and Common Security and Defence Policy, including through the Cyber Rapid Response Teams. It may also complement or contribute to assistance provided by one Member State to another Member State in the context of Article 42(7) of the Treaty on the European Union. Amendment 188 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 16 – title Trusted managed security service providers Amendment 189 # Johan NISSINEN 1. In procurement procedures for the purpose of establishing the EU Cybersecurity Reserve, the contracting authority shall act in accordance with the principles laid down in the Regulation (EU, Euratom) 2018/1046, without prejudice to the Member States’ primary responsibility for national security, and in accordance with the following principles: Amendment 190 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 16 – paragraph 1 – point a (a) ensure the EU Cybersecurity Reserve includes services that may be deployed in all Member States and third countries in accordance with Article 17 of this Regulation, taking into account in particular national requirements for the provision of such services, including certification or accreditation; Amendment 191 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 16 – paragraph 1 – point c (c) ensure that the EU Cybersecurity Reserve brings EU added value, by contributing to the objectives set out in Article 3 of Regulation (EU) 2021/694, including promoting the development of cybersecurity skills in the EU, reinforcing the Union’s resilience and sovereignty, and improving the Union’s competitiveness. Amendment 192 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 16 – paragraph 1 – point c (c) ensure that the EU Cybersecurity Reserve ~~brings EU added value, by~~ contribut~~ing~~es to the objectives set out in Article 3 of Regulation (EU) 2021/694, including promoting the development of cybersecurity skills in the EU. Amendment 193 # Angelika NIEBLER, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 16 – paragraph 2 – point f (f) the provider shall be equipped with the up-to-date hardware and software technical equipment necessary to support the requested service and shall meet the requirements set out in Regulation XX/XXXX (Cyber Resilience Act), where applicable; Amendment 194 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 16 – paragraph 2 – point f a (new) (fa) the provider shall demonstrate that its decision and management structures are free from any undue influence by governments of states classified as systemic rivals of the Union; Amendment 195 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 16 – paragraph 2 – point h (h) the provider shall be able to provide the service within a short timeframe in the Member State(s) or third countries where it can deliver the service; Amendment 196 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 16 – paragraph 2 – point i (i) the provider shall be able to provide the service in the local language of the Member State(s) or third countries where it can deliver the service; or in one of the working languages of the EU institutions; Amendment 197 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 16 – paragraph 2 – point j (j) once an EU certification scheme for managed security service Regulation (EU) 2019/881 is in place, the provider shall be certified in accordance with that scheme, within a period of two years after the scheme has been adopted. Amendment 198 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 16 – paragraph 2 – point j (j) once an EUuropean cybersecurity certification scheme for managed security service pursuant to Regulation (EU) 2019/881 is in place, the provider shall be certified in accordance with that scheme. Amendment 199 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 16 – paragraph 2 – point j (j) once an EU certification scheme for managed security service Regulation (EU) 2019/881 is in place, the provider shall be certified in accordance with that scheme within two years. Amendment 200 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 16 – paragraph 2 – point j a (new) (ja) the provider shall be able to unbundle their services from the wider contract so the user can switch to another service provider; Amendment 201 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 17 – paragraph 6 6. The Commission shall without undue delay notify the Council and coordinate with the High Representative about the requests received and the implementation of the support granted to third countries from the EU Cybersecurity Reserve. Amendment 202 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 18 Cybersecurity Incident Review 1. At the request of the Commission, the EU-CyCLONe or the CSIRTs network, ENISA shall review and assess threats, vulnerabilities and mitigation actions with respect to a specific significant or large- scale cybersecurity incident. Following the completion of a review and assessment of an incident, ENISA shall deliver an incident review report to the CSIRTs network, the EU-CyCLONe and the Commission to support them in carrying out their tasks, in particular in view of those set out in Articles 15 and 16 of Directive (EU) 2022/2555. Where relevant, the Commission shall share the report with the High Representative. 2. To prepare the incident review report referred to in paragraph 1, ENISA shall collaborate all relevant stakeholders, including representatives of Member States, the Commission, other relevant EU institutions, bodies and agencies, managed security services providers and users of cybersecurity services. Where appropriate, ENISA shall also collaborate with entities affected by significant or large-scale cybersecurity incidents. To support the review, ENISA may also consult other types of stakeholders. Consulted representatives shall disclose any potential conflict of interest. 3. The report shall cover a review and analysis of the specific significant or large-scale cybersecurity incident, including the main causes, vulnerabilities and lessons learned. It shall protect confidential information, in accordance with Union or national law concerning the protection of sensitive or classified information. 4. Where appropriate, the report shall draw recommendations to improve the Union’s cyber posture. 5. Where possible, a version of the report shall be made available publicly. This version shall only include public information.Article 18 deleted Mechanism Amendment 203 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 18 – paragraph 2 2. To prepare the incident review report referred to in paragraph 1, ENISA shall collaborate with and gather feedback from all relevant stakeholders, including representatives of Member States, the Commission, other relevant EU institutions, bodies and agencies, managed security services providers and users of cybersecurity services. Where appropriate, ENISA shall also collaborate with entities affected by significant or large-scale cybersecurity incidents. To support the review, ENISA may also consult other types of stakeholders. Consulted representatives shall disclose any potential conflict of interest. Amendment 204 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 18 – paragraph 3 3. The report shall cover a review and analysis of the specific significant or large- scale cybersecurity incident, including the main causes, vulnerabilities and lessons learned. It shall protect confidential information, in accordance with Union or national law concerning the protection of sensitive or classified information. It shall not include any details about actively exploited vulnerabilities that remain unpatched. Amendment 205 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 18 – paragraph 4 4. Where appropriate, the report shall draw concrete recommendations, including for all relevant stakeholders, to improve the Union’s cyber posture.; Amendment 206 # Johan NISSINEN Proposal for a regulation Article 18 – paragraph 4 4. Where appropriate, the report shall draw non-legally binding voluntary recommendations to improve the Union’s cyber posture. Amendment 207 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 19 – paragraph 1 – point 1 – point a – point 1 Regulation (EU) 2021/694 Article 1 paragraph 1 – point (aa) (aa) support the development of an EU Cyber Shield, including the development, deployment and operation of ~~National and Cross-border SOCs platform~~CSIRTs- ISACs and SOCs that contribute to situational awareness in the Union and to enhancing the cyber threat intelligence capacities of the Union; Amendment 208 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 19 – paragraph 1 – point 3 Regulation (EU) 2021/694 Article 14 (2) The Programme may provide funding in any of the forms laid down in the Financial Regulation, including in particular through procurement as a primary form, or grants and prizes. ENISA shall receive additional resources to carry out its additional tasks laid down in Regulation XX/XXX (Cyber Solidarity Act). That additional funding shall not jeopardise the achievements of the objectives of the Programme. Amendment 209 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 19 – paragraph 1 – point 5 Regulation (EU) 2021/694 Article 19 Support in the form of grants may be awarded directly by the ECCC without a call for proposals to the ~~National SO~~CSIRTs-ISACs referred to in Article 4 of Regulation XXXX ~~and the Hosting Consortium~~ referred to in Article 5 of Regulation XXXX, in accordance with Article 195(1), point (d) of the Financial Regulation. Amendment 210 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 20 – title Evaluation and Review Amendment 211 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 20 – paragraph 1 By [~~four~~two years after the date of application of this Regulation]~~, the Commission shall submit a report on the evaluation and review of this Regulation to the European Parliament and to the Council.~~ and every two years thereafter, the Commission shall carry out an evaluation of the functioning of the measures laid down in this Regulation and submit a report to the European Parliament and the Council. The evaluation shall assess in particular: (a) the participation of Member States in the European Cyber Shield, including the number of National SOCs and cross- border SOCs established as part of the Regulation and the effectiveness of information exchange; (b) the contribution of this Regulation to reinforce the Union’s resilience and sovereignty, to improve the competitiveness of the relevant industry sectors, including SMEs, and the development of cybersecurity skills in the EU; (c) the use of the Cybersecurity Reserve, including whether the scope of the reserve should be broadened to incident preparedness services or common exercises with the trusted providers and potential users of the Cybersecurity Reserve to ensure efficient functioning of the Reserve when needed; (d) the contribution of this Regulation to the development and improvement of the skills and competences of the workforce in the cybersecurity sector, needed to strengthen the Union's capacity to detect, prevent, respond to and recover from cybersecurity threats and incidents; (e) the contribution of this Regulation to the deployment and development of state- of-the-art technologies in the Union; On the basis of that report, the Commission shall, where appropriate, submit a legislative proposal to the Parliament and the Council to amend this Regulation. Amendment 212 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 20 – paragraph 1 By [four years after the date of application of this Regulation], the Commission shall submit a report on the evaluation and review of this Regulation to the European Parliament and to the Council. The report shall be accompanied, where necessary, by a legislative proposal. Amendment 213 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN, Nicola DANTI Proposal for a regulation Article 20 – paragraph 1 a (new) Every year when presenting the Draft Budget for the following year, the Commission shall submit a detailed assessment of ENISA's tasks under this Regulation as well as [the proposal for a Regulation on horizontal cybersecurity requirements for products with digital elements] and other Union legislation and shall detail the financial and human resources needed to fulfil those tasks. Amendment 214 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 20 a (new) Article20a Exercise of the delegation 1. The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article. 2. The power to adopt delegated acts referred to in Article 12(8) and Article 13(7) shall be conferred on the Commission for a period of 5 years from … [date of entry into force of the basic legislative act or any other date set by the co-legislators]. The Commission shall draw up a report in respect of the delegation of power not later than nine months before the end of the 5 year period. The delegation of power shall be tacitly extended for periods of an identical duration, unless the European Parliament or the Council opposes such extension not later than three months before the end of each period. 3. The delegation of power referred to in Article 12(8) and Article 13(7) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force 4. Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making. 5. As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council. 6. A delegated act adopted pursuant to Article 12(8) or Article 13(7) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by [two months] at the initiative of the European Parliament or of the Council. Amendment 215 # Evžen TOŠENOVSKÝ Proposal for a regulation Annex I – paragraph 1 – point 1 Regulation (EU) 2021/694 Annex I – chapter "Specific Objective 3 – Cybersercurity and Trust" 1. Co-investment with Member States in advanced cybersecurity equipment, infrastructures and knowhow that are essential to protect critical infrastructures and the Digital Single Market at large. Such co-investment could include investments in quantum facilities and data resources for cybersecurity, situational awareness in cyberspace including Nnational ~~SOCs and Cross-border~~CSIRTs and SOCs forming the European Cyber Shield, as well as other tools to be made available to public and private sector across Europe. Amendment 216 # Evžen TOŠENOVSKÝ Proposal for a regulation Annex I – paragraph 1 – point 1 Regulation (EU) 2021/694 Annex I – chapter "Specific Objective 3 – Cybersercurity and Trust" 5. Promoting solidarity among Member States in preparing for and responding to significant cybersecurity incidents through deployment of cybersecurity services across borders, including support for mutual assistance between public authorities and the establishment of a reserve of trusted ~~cybersecurity~~managed security service providers at Union level.; Amendment 46 # Evžen TOŠENOVSKÝ Proposal for a regulation Title 1 Proposal for aREGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCILlaying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents (Cyber Solidarity Act) Amendment 47 # Ville NIINISTÖ Proposal for a regulation Recital 1 (1) The use of and dependence on information and communication technologies have become fundamental aspects and vulnerabilities in all sectors of economic activity as our public administrations, companies and citizens are more interconnected and interdependent across sectors and borders than ever before. Amendment 48 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 2 (2) The magnitude, frequency and impact of cybersecurity incidents are increasing, including supply chain attacks aiming at cyberespionage, ransomware or disruption. They represent a major threat to the functioning of network and information systems. In view of the fast-evolving threat landscape, the threat of possible large-scale incidents causing significant disruption or damage to critical infrastructures across the Union demands heightened preparedness at all levels of the Union’s cybersecurity framework. That threat goes beyond Russia’s military aggression on Ukraine, and is likely to persist given the multiplicity of state- aligned, criminal and hacktivist actors involved in current geopolitical tensions. Such incidents can impede the provision of public services and the pursuit of economic activities, including in critical or highly critical sectors, generate substantial financial losses, undermine user confidence, cause major damage to the economy of the Union, and could even have health or life- threatening consequences. Moreover, cybersecurity incidents are unpredictable, as they often emerge and evolve within very short periods of time, not contained within any specific geographical area, and occurring simultaneously or spreading instantly across many countries. Therefore, close and coordinated cooperation between the public sector, the private sector, the Member states, Union institutions or agencies, and acedemia is necessary to improve the Union’s cybersecurity posture. The Union’s response should be in cooperation with trusted and like-minded international partners and international institutions and aligned with international cooperation frameworks and agreements. Amendment 49 # Ville NIINISTÖ Proposal for a regulation Recital 2 (2) The magnitude, frequency and impact of cybersecurity incidents are increasing, including supply chain attacks aiming at cyberespionage, ransomware or disruption. They represent a major threat to the functioning of network and information systems. In view of the fast-evolving threat landscape, the threat of possible large-scale incidents causing significant disruption or damage to critical infrastructures demands heightened preparedness at all levels of the Union’s cybersecurity framework. That threat goes beyond Russia’s military aggression on Ukraine, and is likely to persist given the multiplicity of state- aligned, and criminal ~~and hacktivist~~ actors involved in current geopolitical tensions. Such incidents can impede the provision of public services and the pursuit of economic activities, including in critical or highly critical sectors, generate substantial financial losses, undermine user confidence, cause major damage to the economy of the Union, and could even have health or life-threatening consequences. Moreover, cybersecurity incidents are unpredictable, as they often emerge and evolve within very short periods of time, not contained within any specific geographical area, and occurring simultaneously or spreading instantly across many countries. Amendment 50 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Ioan-Rareş BOGDAN, Cristian-Silviu BUŞOI Proposal for a regulation Recital 3 (3) It is necessary to strengthen the competitive position of industry and services sectors in the Union across the digitised economy and support their digital transformation, by reinforcing the level of cybersecurity in the Digital Single Market. As recommended in three different proposals of the Conference on the Future of Europe16 , it is necessary to increase the resilience of citizens, businesses, including micro-, small and medium-sized enterprises (SMEs), and entities operating critical infrastructures, including local or regional authorities, against the growing cybersecurity threats, which can have devastating societal and economic impacts. Therefore, investment in infrastructures ~~and service~~, services, and highly-qualified personnel with the needed skills that will support faster detection and response to cybersecurity threats and incidents is needed, and Member States need assistance in better preparing for, as well as responding to significant and large-scale cybersecurity incidents, also through pro- actively gathering intelligence. The Union should also increase its capacities in these areas, notably as regards the collection and analysis of data on cybersecurity threats and incidents. ~~_________________ 16~~[1] https://futureu.europa.eu/en/ Amendment 51 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 5 (5) The growing cybersecurity risks and an overall complex threat landscape, with a clear risk of rapid spill-over of cyber incidents from one Member State to others and from a third country to the Union requires strengthened solidarity at Union level to better detect, prepare for ~~and~~, respond to, and recover from cybersecurity threats and incidents. Member States have also invited the Commission to present a proposal on a new Emergency Response Fund for Cybersecurity in the Council Conclusions on an EU Cyber Posture21 . _________________ 21 Council conclusions on the development of the European Union's cyber posture approved by the Council at its meeting on 23 May 2022, (9364/22) Amendment 52 # Angelika NIEBLER, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 9 a (new) (9a) In light of the geopolitical developments and increasing cyber threat landscape, the continuity and further development of the measures laid down in this Regulation, particularly the European Cyber Shield and the European Emergency Mechanism, is important. Therefore, it is necessary to ensure a specific budget line in the multiannual financial framework for 2028 to 2034. Member States should also commit to supporting all necessary measures to strengthen solidarity within the Union and to reduce cyber threats and incidents throughout the Union. Amendment 53 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 12 (12) To more effectively prevent, assess ~~and~~, respond to, and recover from cyber threats and incidents, it is necessary to develop more comprehensive knowledge about the threats to critical assets and infrastructures on the territory of the Union, including their geographical distribution, interconnection and potential effects in case of cyber-attacks affecting those infrastructures, including by gathering pro-active intelligence. A large-scale Union infrastructure of SOCs should be deployed (‘the European Cyber Shield’), comprising of several interoperating cross- border platforms, each grouping together several National SOCs. A national SOC is a centralized capacity repsonsible for continuously gathering threat intelligence information and improving the cybersecurity posture of entities under national jurisdiction by preventing, detecting, and analyzing cybersecurity threats. That infrastructure should serve national and Union cybersecurity interests and needs, leveraging state of the art technology for advanced data collection and analytics tools, enhancing cyber detection and management capabilities and providing real-time situational awareness. That infrastructure should serve to increase detection of cybersecurity threats and incidents and thus complement and support Union entities and networks responsible for crisis management in the Union, notably the EU Cyber Crises Liaison Organisation Network (‘EU-CyCLONe’), as defined in Directive (EU) 2022/2555 of the European Parliament and of the Council24 . _________________ 24 Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (OJ L 333, 27.12.2022, p. 80). Amendment 54 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 13 (13) EIn order to participate in the European Cyber Shield, each Member State should designate a public body at national level tasked with coordinating cyber threat detection and information sharing activities in that Member State. Member States are strongly encouraged to incorporate the National SOC capacity into their already existing cyber structure and governance to not create additional governance layers and to align the Cyber Solidarity Act with already existing legislation, including Directive 2022/2555. These National SOCs should act as a reference point and gateway at national level for participation of private and public entities, particularly their SOCs, in the European Cyber Shield and should ensure that cyber threat information from public and private entities is shared and collected at national level in an effective and streamlined manner. National SOCs should strengthen the cooperation and information sharing between public and private entities to break up currently existing communication siloes. In doing so, they may support the creation of data exchange models and should facilitate and encourage the sharing of information in a trusted and secure environment. Close and coordinated cooperation between public and private entities is central for strengthening the Union’s resilience in the cybersecurity sphere. Amendment 55 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 14 (14) As part of the European Cyber Shield, a number of Cross-border Cybersecurity Operations Centres (‘Cross- border SOCs’) should be established. These should bring together National SOCs from at least three Member States, so that the benefits of cross-border threat detection and information sharing and management can be fully achieved. The general objective of Cross-border SOCs should be to strengthen capacities to analyse, prevent and detect cybersecurity threats and to support the production of high-quality and pro-active intelligence on cybersecurity threats, notably through the sharing of data from various sources, public or private, as well as through the sharing and joint use of state-of-the-art tools, and jointly developing detection, analysis and prevention capabilities in a trusted environment. The~~y should provide new additional capacity, building upon and complementing exist~~ cross-border SOCs should facilitate and encourage the sharing of information in a trusted and secure environment. ENISA should support Cross-border SOCs in matters related to operational cooperation. They should provide new additional capacity, while being incorporated in the already existing cybersecurity infrastructure, including SOCs and computer incident response teams (‘CSIRTs’) and other relevant actors. Amendment 56 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 15 (15) At national level, the monitoring, detection and analysis of cyber threats is typically ensured by SOCs of public and private entities, in combination with CSIRTs. In addition, CSIRTs exchange information in the context of the CSIRT network, in accordance with Directive (EU) 2022/2555. The Cross-border SOCs should constitute a new capa~~bil~~city that is ~~complementary to~~incorporated into the already existing cybersecurity infrastructure, particularly the CSIRTs network, by pooling and sharing data on cybersecurity threats from public and private entities, in particular their SOCs, enhancing the value of such data through expert analysis and jointly acquired infrastructures and state of the art tools, and contributing to the development of Union capabilities and technological sovereignty, to strengthen the Union's resilience. Amendment 57 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Recital 15 (15) At national level, the monitoring, detection and analysis of cyber threats is typically ensured by SOCs of public and private entities, in combination with CSIRTs. In addition, CSIRTs exchange information in the context of the CSIRT network, in accordance with Directive (EU) 2022/2555. The Cross-border SOCs should constitute a new capability that is complementary to the CSIRTs network, by pooling and sharing data on cybersecurity threats from public and private entities, enhancing the value of such data through expert analysis and jointly acquired infrastructures and state of the art tools, and contributing to the development of ~~Union capabilities and technological sovereignty~~a significant cybersecurity ecosystem with strong Union capabilities and cooperation with like-minded partners. Amendment 58 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 16 (16) The Cross-border SOCs should act as a central point allowing for a broad pooling of relevant data and cyber threat intelligence, enable the spreading of threat information among a large and diverse set of actors (e.g., Computer Emergency Response Teams (‘CERTs’), CSIRTs, Information Sharing and Analysis Centers (‘ISACs’), operators of critical infrastructures). to facilitate the break-up of currently existing communication siloes. In doings so, cross-border SOCs could also support the creation of data exchange models across the Union.The information exchanged among participants in a Cross- border SOC could include data from networks and sensors, threat intelligence feeds, including the gathering of pro-active intelligence, indicators of compromise, and contextualised information about incidents, threats and vulnerabilities. In addition, Cross-border SOCs should also enter into cooperation agreements with other Cross- border SOCs. Amendment 59 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Recital 16 (16) The Cross-border SOCs should act as a central point allowing for a broad pooling of relevant data and cyber threat intelligence, enable the spreading of threat information among a large and diverse set of actors (e.g., Computer Emergency Response Teams (‘CERTs’), CSIRTs, Information Sharing and Analysis Centers (‘ISACs’), operators of critical infrastructures). The information exchanged among participants in a Cross- border SOC could include analyzed data from networks ~~and~~, sensors, logging, and telemetry, threat intelligence feeds, indicators of compromise, and contextualised information about ~~incident~~tactics, techniques and procedures (TTPs), incidents, malware samples, threats and vulnerabilities. In addition, Cross-border SOCs should also enter into cooperation agreements with other Cross- border SOCs. Amendment 60 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 17 (17) Shared situational awareness among relevant authorities is an indispensable prerequisite for Union-wide preparedness and coordination with regards to significant and large-scale cybersecurity incidents. Directive (EU) 2022/2555 establishes the EU–CyCLONe to support the coordinated management of large-scale cybersecurity incidents and crises at operational level and to ensure the regular exchange of relevant information among Member States and Union institutions, bodies and agencies. Recommendation (EU) 2017/1584 on coordinated response to large-scale cybersecurity incidents and crises addresses the role of all relevant actors. Directive (EU) 2022/2555 also recalls the Commission’s responsibilities in the Union Civil Protection Mechanism (‘UCPM’) established by Decision 1313/2013/EU of the European Parliament and of the Council, as well as for providing analytical reports for the Integrated Political Crisis Response Mechanism (‘IPCR’) arrangements under Implementing Decision (EU) 2018/1993. Therefore, in situations where Cross-border SOCs obtain information related to a potential or ongoing large-scale cybersecurity incident, they should provide relevant information to EU-CyCLONe, the CSIRTs network and the Commission, in line with already existing provisions under Directive (EU) 2022/2555. In particular, depending on the situation, information to be shared could include technical information, information about the nature and motives of the attacker or potential attacker, and higher-level non- technical information about a potential or ongoing large-scale cybersecurity incident. In this context, due regard should be paid to the need-to-know principle and to the potentially sensitive nature of the information shared. Amendment 61 # Angelika NIEBLER, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 19 (19) In order to enable the exchange of data on cybersecurity threats from various sources, on a large-scale basis, in a trusted environment, entities participating in the European Cyber Shield should be equipped with state-of-the-art and highly-secure tools, equipment and infrastructures and highly-skilled personnel. This should make it possible to improve collective detection capacities and timely warnings to authorities and relevant entities, notably by using the latest artificial intelligence and data analytics technologies. Amendment 62 # Angelika NIEBLER, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 20 (20) By collecting, sharing and exchanging data, the European Cyber Shield should enhance the Union’s technological sovereignty. The pooling of high-quality curated data should also contribute to the development of advanced artificial intelligence and data analytics technologies. It must be noted, however, that artificial intelligence is the most effective when paired with human analysis. Therefore, highly-skilled staff remains essential for pooling high-quality data and gathering of pro-active threat intelligence. It should be facilitated through the connection of the European Cyber Shield with the pan-European High Performance Computing infrastructure established by Council Regulation (EU) 2021/117325 . _________________ 25 Council Regulation (EU) 2021/1173 of 13 July 2021 on establishing the European High Performance Computing Joint Undertaking and repealing Regulation (EU) 2018/1488 (OJ L 256, 19.7.2021, p. 3). Amendment 63 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Recital 20 (20) By collecting, sharing and exchanging data, the European Cyber Shield should enhance the Union’s ~~technological sovereignty~~significant cybersecurity ecosystem. The pooling of high-quality curated data should also contribute to the development of advanced artificial intelligence and data analytics technologies. It should be facilitated through the connection of the European Cyber Shield with the pan- European High Performance Computing infrastructure established by Council Regulation (EU) 2021/117325 . _________________ 25 Council Regulation (EU) 2021/1173 of 13 July 2021 on establishing the European High Performance Computing Joint Undertaking and repealing Regulation (EU) 2018/1488 (OJ L 256, 19.7.2021, p. 3). Amendment 64 # Ville NIINISTÖ Proposal for a regulation Recital 21 (21) While the European Cyber Shield is a civilian project, the cyber defence community could benefit from stronger civilian detection and situational awareness capabilities developed for the protection of critical infrastructure. Cross-border SOCs, with the support of the Commission and the European Cybersecurity Competence Centre (‘ECCC’), and in cooperation with the High Representative of the Union for Foreign Affairs and Security Policy (the ‘High Representative’), should gradually develop dedicated access conditions and safeguards protocols and standards to allow for cooperation with the cyber defence community, including vetting and security conditions, respecting the civilian character of insitutions and the destination of funding, therefore using the funds available to the defence community . The development of the European Cyber Shield should be accompanied by a reflection enabling future collaboration with networks and platforms responsible for information sharing in the cyber defence community, in close cooperation with the High Representative and in full respect of rights and freedoms. Amendment 65 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 24 (24) In view of the increasing risks and number of cyber incidents affecting Member States, it is necessary to set up a crisis support instrument to improve the Union’s resilience to significant and large- scale cybersecurity incidents and complement Member States’ actions through emergency financial support for preparedness, response and immediate recovery of essential services. That instrument should enable the rapid and effective deployment of assistance in defined circumstances and under clear conditions and allow for a careful monitoring and evaluation of how resources have been used. Whilst the primary responsibility for preventing, preparing for and responding to cybersecurity incidents and crises lies with the Member States, the Cyber Emergency Mechanism promotes solidarity between Member States in accordance with Article 3(3) of the Treaty on European Union (‘TEU’). Amendment 66 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 27 (27) Assistance provided under this Regulation should be in support of, and complementary to, the actions taken by Member States at national level. To this end, close cooperation and consultation between the Commission, ENISA and the affected Member State should be ensured. When requesting support under the Cyber Emergency Mechanism, the Member State should provide relevant information justifying the need for support. Amendment 67 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 33 (33) A Union-level Cybersecurity Reserve should gradually be set up, consisting of services from private providers of managed security services to support response and immediate recovery actions in cases of significant or large-scale cybersecurity incidents. The EU Cybersecurity Reserve should ensure the availability and readiness of services. The services from the EU Cybersecurity Reserve should serve to support national authorities in providing assistance to affected entities operating in critical or highly critical sectors as a complement to their own actions at national level, while reinforcing the Union’s resilience and competitiveness, including the participation of European managed security service providers that are SMEs. Trusted providers, including SMEs, should be able to cooperate with one another to fulfil the criteria above. The services from the EU Cybersecurity Reserve should serve to support national authorities in providing assistance to affected entities operating in critical or highly critical sectors as a complement to their own actions at national level. Where possible, the services should be based on state-of-the-art technologies, including cloud and artificial intelligence. Therefore, the Cybersecurity Reserve should incentivize investment in research and innovation to boost the development of these technologies. Where appropriate, common exercises with the trusted providers and potential users of the Cybersecurity Reserve could be conducted to ensure efficient functioning of the Reserve when needed. When requesting support from the EU Cybersecurity Reserve, Member States should specify the support provided to the affected entity at the national level, which should be taken into account when assessing the Member State request. The services from the EU Cybersecurity Reserve may also serve to support Union institutions, bodies and agencies, under similar conditions. Amendment 68 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Recital 33 (33) A Union-level Cybersecurity Reserve should gradually be set up, with initial funding of 10 million euro under this Regulation until the Evaluation. It consist~~ing~~s of services from private providers of managed security services to support response and immediate recovery actions in cases of significant or large-scale cybersecurity incidents. The EU Cybersecurity Reserve should ensure the availability and readiness of services. The services from the EU Cybersecurity Reserve should serve to support national authorities in providing assistance to affected entities operating in critical or highly critical sectors as a complement to their own actions at national level. When requesting support from the EU Cybersecurity Reserve, Member States should specify the support provided to the affected entity at the national level, which should be taken into account when assessing the Member State request. The services from the EU Cybersecurity Reserve may also serve to support Union institutions, bodies and agencies, under similar conditions. The Commission shall ensure that it will not duplicate similar initiatives within NATO. Amendment 69 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 35 (35) To support the establishment of the EU Cybersecurity Reserve, the Commission cshould ~~consider~~ request~~ing~~ ENISA to prepare a candidate certification scheme pursuant to Regulation (EU) 2019/881 for managed security services in the areas covered by the Cyber Emergency Mechanism. Amendment 70 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN, Nicola DANTI Proposal for a regulation Recital 35 a (new) (35a) In light of the additional tasks provided for in this Regulation as well as in the [Proposal for horizontal cybersecurity requirements for products with digital elements], ENISA should be provided with the necessary human and financial resources under the Union budget. Amendment 71 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 37 a (new) (37a) Incident response service providers from third countries, including third countries associated to the DEP or NATO members or other like-minded international partner countries, may be needed for the provision of specific services in the EU Cybersecurity Reserve. To strengthen the Union’s resilience and sovereignty and to safeguard the Union’s strategic assets, interests or security, it may be necessary to restrict or exclude the participation of legal entities established in or controlled by non-associated countries. Amendment 72 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 38 a (new) (38a) Highly-skilled personnel, that is able to reliably deliver the relevant cybersecurity services at highest standards, is imperative for the effective implementation of the European Cyber Shield and the Cyber Emergency Mechanism. It is therefore concerning that the Union is faced with a talent gap, characterized by a shortage of skilled professionals, while facing a rapidly evolving threat landscape as acknowledged in the Commission communication of 18 April 2023 on the Cyber Skills Academy. It is important to bridge this talent gap by strengthening cooperation and coordination among the different stakeholders, including the private sector, academia, Member States, the Commission and ENISA to scale up and create synergies for the investment in education and training, the development of public-private partnerships, support of research and innovation initiatives, the development and mutual recognition of common standards and certification of cybersecurity skills, including through the European Cyber Security Skills Framework. This should also facilitate the mobility of cybersecurity professionals within the Union. This Regulation should aim to promote a more diverse cybersecurity workforce. Amendment 73 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 38 b (new) (38b) Member States’ capacity building is essential for a Union-wide coordinated approach to strengthening the resilience of the Union's cybersecurity posture. As emphasized in the Commission communication of 18 April 2023 on the Cyber Skills Academy, the security of the Union cannot be guaranteed without the Union’s most valuable asset: its people. The European Cyber Security Skills Framework can help to better understand the composition of the Union's workforce, including the current and required competences within participating entities. Amendment 74 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Recital 39 (39) The objective of this Regulation, namely to break up communication silos and reinforce the Union’s cyber threat prevention, detection, response and recover capacities, can be better achieved at Union level than by the Member States. Hence, the Union may adopt measures, in accordance with the principles of subsidiarity and proportionality as set out in Article 5 of the Treaty on European Union. This Regulation does not go beyond what is necessary in order to achieve that objective. Amendment 75 # Nicola DANTI Proposal for a regulation Recital 39 a (new) (39a) In light of the additional tasks provided for in this Regulation as well as in the [Proposal for horizontal cybersecurity requirements for products with digital elements], ENISA should be provided with the necessary human and financial resources under the Union budget. Amendment 76 # Johan NISSINEN Proposal for a regulation Article 1 – paragraph 1 – introductory part 1. This Regulation lays down measures to strengthen capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents, while respecting that national security, including in the cyber domain, remains the sole responsibility of each Member State, as noted in article 4(2) TEU, in particular through the following actions: Amendment 77 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 1 – paragraph 1 – point a (a) the ~~deployment of a pan-European infrastructure~~strenghtening of Computer security incident response teams (CSIRTs), referred to in Article 10 of Directive (EU) 2022/2555, and of the CSIRTs Network referred to in Article 15 of Directive (EU) 2022/2555, and deployment of Security Operations Centres (~~‘European Cyber Shield’~~SOCs) to build and enhance national and common detection and situational awareness capabilities (‘European Cyber Shield’); Amendment 78 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 1 – paragraph 1 – point c ~~(c) the establishment of a European Cybersecurity Incident Review Mechanism to review and assess significant or large-scale incidents.~~deleted Amendment 79 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 1 – paragraph 2 – point a (a) to strengthen common Union detection and situational awareness of cyber threats and incidents thus allowing to reinforce the competitive position of industry, including SMEs, and services sectors in the Union across the digital economy and contribute to the Union’s technological sovereignty in the area of cybersecurity; Amendment 80 # Johan NISSINEN Proposal for a regulation Article 1 – paragraph 2 – point a (a) to strengthen voluntary common Union detection and situational awareness of cyber threats and incidents thus allowing to reinforce the competitive position of industry and services sectors in the Union across the digital economy and contribute to the Union’s technological sovereignty in the area of cybersecurity; Amendment 81 # Johan NISSINEN Proposal for a regulation Article 1 – paragraph 2 – point b (b) to reinforce preparedness of entities operating in critical and highly critical sectors across the Union and strengthen svol~~idarity~~untary cooperation by developing common response capacities against significant or large-scale cybersecurity incidents, including by making Union cybersecurity incident response support available for third countries associated to the Digital Europe Programme (‘DEP’); Amendment 82 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 1 – paragraph 2 – point c (c) to enhance Union resilience and contribute to effective response by reviewing and assessing significant or large-scale incidents, including drawing lessons learned and, where appropriate, recommendations..deleted Amendment 83 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 1 – paragraph 2 – point c a (new) (ca) to develop and improve skills and competences of the workforce in the cybersecurity sector in a coordinated way, by cooperating with the Cyber Skills Academy to provide training and opportunities with the goal of closing the talent gap in the cybersecurity sector. Amendment 84 # Johan NISSINEN Proposal for a regulation Article 1 – paragraph 3 3. This Regulation is without prejudice to the Member States’ primary responsibility for national security, public security, and the prevention, investigation, detection and prosecution of criminal offences and avoids unnecessary duplication with existing initiatives. Amendment 85 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 1 – paragraph 3 3. This Regulation is without prejudice to the Member States’ ~~primary responsibility for~~exclusive competence in national security, public security, and the prevention, investigation, detection and prosecution of criminal offences. Amendment 86 # Nicola DANTI Proposal for a regulation Article 1 – paragraph 3 a (new) 3a. Every year when presenting the Draft Budget for the following year, the Commission shall submit a detailed assessment of ENISA's tasks under this Regulation as well as [the proposal for a Regulation on horizontal cybersecurity requirements for products with digital elements] and other Union legislation and shall detail the financial and human resources needed to fulfil those tasks. Amendment 87 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 2 – paragraph 1 – point 1 (1) ‘Cross-border Security Operations Centre’ (“Cross-border SOC”) means a multi-country platform, that brings together in a coordinated network structure national SOCs from at least three Member States who form a Hosting Consortium, and that is designed to prevent cyber threats and incidents and to support the production of high-quality intelligence, notably through the exchange of data from various sources, public and private, as well as through the sharing of state-of-the-art tools and jointly developing cyber detection, analysis, and prevention and protection capabilities in a trusted environment;deleted Amendment 88 # Bart GROOTHUIS, Klemen GROŠELJ, Ivars IJABS, Mauri PEKKARINEN Proposal for a regulation Article 2 – paragraph 1 – point 1 (1) ‘Cross-border Security Operations Centre’ (“Cross-border SOC”) means a multi-country platform, that brings together in a coordinated network structure national SOCs from at least three Member States who form a Hosting Consortium, and that is designed to ~~prevent~~detect and analyze cyber threats and prevent incidents and to support the production of high-quality intelligence, notably through the exchange of data from various sources, public and private, as well as through the sharing of state-of-the-art tools and jointly developing cyber detection, analysis, and prevention and protection capabilities in a trusted environment; Amendment 89 # Johan NISSINEN Proposal for a regulation Article 2 – paragraph 1 – point 1 (1) ‘Cross-border Security Operations Centre’ (“Cross-border SOC”) means a multi-country platform, that brings together in a coordinated network structure national SOCs from at least three Member States who form a Hosting Consortium, and that is designed to prevent cyber threats and incidents and to support the production of high-quality intelligence, notably through the voluntary exchange of data from various sources, public and private, as well as through the sharing of state-of-the-art tools and jointly developing cyber detection, analysis, and prevention and protection capabilities in a trusted environment; Amendment 90 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 2 – paragraph 1 – point 1 a (new) (1a) “Security Operations Centre” (“SOC”) means a centralized capacity, which can be in-house or outsourced, responsible for continuously monitoring and improving the cybersecurity posture of an entity to prevent, detect, analyse, and respond to cybersecurity threats. Amendment 91 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 2 – paragraph 1 – point 1 a (new) (1a) ‘Security Operations Centre’ (“SOC”) means a centre, set up by private and public entities or national authorities, constantly monitoring and analysing the communication networks and computer systems to detect intrusions and anomalies in real time. Amendment 92 # Angelika NIEBLER, Sara SKYTTEDAL, Angelika WINZIG, Gheorghe FALCĂ, Cristian-Silviu BUŞOI, Ioan-Rareş BOGDAN Proposal for a regulation Article 2 – paragraph 1 – point 1 b (new) (1b) ‘National Security Operations Centre’ (“National SOC”) means a centralized capacity responsible for continuously gathering threat intelligence and improving the cybersecurity posture of entities under national jurisdiction by preventing, detecting and analyzing, cybersecurity threats to be able to better respond to cybersecurity threats. This capacity shall, where applicable, be incorporated in already existing national structures such as CSIRTs as established under Directive 2022/2555. Amendment 93 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 2 – paragraph 1 – point 2 (2) ‘public ~~body’ means a body governed by public law~~administration entity’ means a public administration entity as defined in Article ~~2((1)~~6, point (~~4),~~35), of Directive 2014/24/EU of the European Parliament and the Council30 ; _________________ 30 Directive 2014/24/EU of the European Parliament and of the Council of 26 February 2014 on public procurement and repealing Directive 2004/18/EC (OJ L 94 28.3.2014, p. 65).(EU) 2022/2555; Amendment 94 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 2 – paragraph 1 – point 3 (3) ‘Hosting Consortium’ means a consortium composed of participating states, represented by National SOCs, that have agreed to establish and contribute to the acquisition of tools and infrastructure for, and operation of, a Cross-border SOC ;deleted Amendment 95 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 2 – paragraph 1 – point 5 a (new) (5a) ‘incident handling’ means a incident handling as defined in Article 6, point (8), of Directive (EU) 2022/2555; Amendment 96 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 2 – paragraph 1 – point 5 b (new) (5b) ‘risk’ means a risk as defined in Article 6, point (9), of Directive (EU) 2022/2555; Amendment 97 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 2 – paragraph 1 – point 6 a (new) (6a) ‘significant cyber threat’ means a cyber threat as defined in Article 6, point (11), of Directive (EU) 2022/2555; Amendment 98 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 2 – paragraph 1 – point 9 (9) ‘preparedness’ means a state of readiness and capability to ensure an effective rapid response to a significant or large-scale cybersecurity incident, obtained as a result of risk assessment and monitoring actions taken in advance;deleted Amendment 99 # Evžen TOŠENOVSKÝ Proposal for a regulation Article 2 – paragraph 1 – point 10 (10) ‘response’ means action in the event of a significant or large-scale cybersecurity incident, or during or after such an incident, to address its immediate and short-term adverse consequences;deleted source: 753.628

Amendments

Dossier

171

2023/0109(COD)

2023/09/22 ITRE 171 amendments...

Amendment 100 #

docs/8	date 2024-04-24T00:00:00 docs url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0355_EN.html title: T9-0355/2024 type Text adopted by Parliament, 1st reading/single reading body EP
events/8	date 2024-04-24T00:00:00 type Decision by Parliament, 1st reading body EP docs url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0355_EN.html title: T9-0355/2024
forecasts	date: 2024-04-24T00:00:00 title: Vote in plenary scheduled
procedure/stage_reached	Old Awaiting Parliament's position in 1st reading New Awaiting Council's 1st reading position

forecasts/0	date 2024-04-24T00:00:00 title Vote in plenary scheduled
forecasts/0	date 2024-04-22T00:00:00 title Indicative plenary sitting date

docs/6	date 2024-03-20T00:00:00 docs url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-21/ITRE_AG(2024)760882_EN.docx title: PE760.882 type Text agreed during interinstitutional negotiations body EP
docs/7	date 2024-03-21T00:00:00 docs title: GEDA/A/(2024)001689 type Coreper letter confirming interinstitutional agreement body CSL
events/7	date 2024-03-20T00:00:00 type Approval in committee of the text agreed at 1st reading interinstitutional negotiations body EP docs url: https://www.europarl.europa.eu/RegData/commissions/itre/inag/2024/03-21/ITRE_AG(2024)760882_EN.docx title: PE760.882

docs/5	date 2023-12-08T00:00:00 docs url: https://www.europarl.europa.eu/doceo/document/A-9-2023-0426_EN.html title: A9-0426/2023 type Committee report tabled for plenary, 1st reading/single reading body EP
docs/8	date 2024-01-04T00:00:00 docs url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2023)0209 title: COM(2023)0209 type Contribution body FR_SENATE
events/4/summary	The Committee on Industry, Research and Energy adopted the report by Lina GÁLVEZ MUÑOZ (S&D, ES) on the proposal for a regulation of the European Parliament and of the Council laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents. The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows: Coordinated governance Members stressed that close and coordinated cooperation is needed between the public sector, the private sector, academia, civil society and the media. Moreover, the Union's response needs to be coordinated with international institutions as well as trusted and like-minded international partners. To ensure cooperation with trusted and like-minded international partners and protection against systemic rivals, entities established in third countries that are not parties to the WTO Agreement on Government Procurement (GPA) should not be allowed to participate in procurement under this Regulation. Cybersecurity reserve Regarding the new cybersecurity reserve, Members believe it has the potential of developing industrial capacities in the EU, including for SMEs , with investments in research and innovation to develop state of the art technologies, such as cloud and artificial intelligence technologies. In addition, the report proposed to maintain the participation of the industry, enhance the criteria and trust of their participation (i.e. connecting their participation to a national or local company) by clarifying the criteria and the definition of technological sovereignty and to guarantee a balance between non-EU and EU actors. In addition, Members proposed for the Cyber Emergency Mechanism a certification scheme to be used for private providers to build a longstanding and trusted partnership. To support the establishment of the EU Cybersecurity Reserve, the Commission could consider requesting ENISA to prepare a candidate certification scheme for managed security services in the areas covered by the Cybersecurity Emergency Mechanism. To fulfil the additional tasks deriving from this provision, ENISA should receive adequate, additional funding . Funding Considering geopolitical developments and the growing cyber threat landscape and in order to ensure continuity and further development of the measures laid down in this Regulation beyond 2027, particularly the European Cyber Shield and the Cybersecurity Emergency Mechanism, it is necessary to ensure a specific budget line in the multiannual financial framework for the period 2028-2034. According to the report, Member States should endeavour to commit themselves to supporting all necessary measures to reduce cyber threats and incidents throughout the Union and to strengthen solidarity. Strengthening R&I in cybersecurity The amended text called for enhanced research and innovation (R&I) in cybersecurity to increase the resilience and the open strategic autonomy of the Union. Similarly, it is important to create synergies with R&I programmes and with existing instruments and institutions and to strengthen cooperation and coordination among the different stakeholders, including the private sector, civil society, academia, Member States, the Commission and ENISA. Evaluation and Review The amended text stated that by two years from the date of application of this Regulation and every two years thereafter, the Commission should carry out an evaluation concerning, inter alia : (i) both the positive and the negative working of the Cybersecurity Emergency Mechanism; (ii) the contribution of this Regulation to reinforce the Union’s resilience and open strategic autonomy, to improve the competitiveness of the relevant industry sectors, microenterprises, SMEs including start-ups, and the development of cybersecurity skills in the Union; (iii) the use and added value of the EU Cybersecurity Reserve.

docs/5/docs/0/url	https://www.europarl.europa.eu/doceo/document/A-9-2023-0426_EN.html
events/4/docs/0/url	https://www.europarl.europa.eu/doceo/document/A-9-2023-0426_EN.html

docs/5	date 2023-12-08T00:00:00 docs title: A9-0426/2023 type Committee report tabled for plenary, 1st reading/single reading body EP
events/4	date 2023-12-08T00:00:00 type Committee report tabled for plenary, 1st reading body EP docs title: A9-0426/2023
procedure/stage_reached	Old Awaiting committee decision New Awaiting Parliament's position in 1st reading

events/2	date 2023-12-07T00:00:00 type Vote in committee, 1st reading body EP
events/3	date 2023-12-07T00:00:00 type Committee decision to open interinstitutional negotiations with report adopted in committee body EP

docs/4/date	Old 2023-06-28T00:00:00 New 2023-06-29T00:00:00
docs/5/date	Old 2023-09-17T00:00:00 New 2023-09-18T00:00:00
docs/6/date	Old 2023-07-31T00:00:00 New 2023-08-01T00:00:00

committees/3/rapporteur	name: FALCĂ Gheorghe date: 2023-07-07T00:00:00 group: Group of European People's Party abbr: EPP
docs/0	date 2023-06-28T00:00:00 docs url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2023)0209 title: COM(2023)0209 type Contribution body CZ_CHAMBER
docs/0	date 2023-04-18T00:00:00 docs url: https://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2023/0209/COM_COM(2023)0209_EN.pdf title: COM(2023)0209 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2023&nu_doc=0209 title: EUR-Lex type Legislative proposal body EC

committees/0	type Responsible Committee body EP committee_full Industry, Research and Energy committee ITRE associated False rapporteur name: GÁLVEZ MUÑOZ Lina date: 2023-05-02T00:00:00 group: Group of Progressive Alliance of Socialists and Democrats abbr: S&D shadows name: NIEBLER Angelika group: Group of European People's Party abbr: EPP name: GROOTHUIS Bart group: Renew Europe group abbr: Renew name: NIINISTÖ Ville group: Group of the Greens/European Free Alliance abbr: Verts/ALE
committees/0	type Responsible Committee body EP committee_full Industry, Research and Energy committee ITRE associated False rapporteur name: GÁLVEZ MUÑOZ Lina date: 2023-05-02T00:00:00 group: Group of Progressive Alliance of Socialists and Democrats abbr: S&D shadows name: GROOTHUIS Bart group: Renew Europe group abbr: Renew
committees/1	Old type Committee Opinion body EP committee_full Civil Liberties, Justice and Home Affairs committee LIBE associated False opinion False New type Committee Opinion body EP committee_full Foreign Affairs committee AFET associated False rapporteur name: TUDORACHE Dragoş date: 2023-06-16T00:00:00 group: Renew Europe group abbr: Renew
committees/2	Old type Committee Opinion body EP committee_full Internal Market and Consumer Protection committee IMCO associated False opinion False New type Committee Opinion body EP committee_full Budgets committee BUDG associated False opinion False
committees/3	Old type Committee Opinion body EP committee_full Budgetary Control committee CONT associated False opinion False New type Committee Opinion body EP committee_full Transport and Tourism committee TRAN associated False
committees/4	Old type Committee Opinion body EP committee_full Foreign Affairs committee AFET associated False rapporteur name: TUDORACHE Dragoş date: 2023-06-16T00:00:00 group: Renew Europe group abbr: Renew New type Committee Opinion body EP committee_full Civil Liberties, Justice and Home Affairs committee LIBE associated False opinion False
committees/5	Old type Committee Opinion body EP committee_full Budgets committee BUDG associated False opinion False New type Committee Opinion body EP committee_full Internal Market and Consumer Protection committee IMCO associated False opinion False
committees/6	Old type Committee Opinion body EP committee_full Transport and Tourism committee TRAN associated False New type Committee Opinion body EP committee_full Budgetary Control committee CONT associated False opinion False

committees/1	type Committee Opinion body EP committee_full Foreign Affairs committee AFET associated False
committees/1	Old type Committee Opinion body EP committee_full Budgets committee BUDG associated False opinion False New type Committee Opinion body EP committee_full Civil Liberties, Justice and Home Affairs committee LIBE associated False opinion False
committees/2	Old type Committee Opinion body EP committee_full Transport and Tourism committee TRAN associated False New type Committee Opinion body EP committee_full Internal Market and Consumer Protection committee IMCO associated False opinion False
committees/3	Old type Committee Opinion body EP committee_full Civil Liberties, Justice and Home Affairs committee LIBE associated False opinion False New type Committee Opinion body EP committee_full Budgetary Control committee CONT associated False opinion False
committees/4	type Committee Opinion body EP committee_full Foreign Affairs committee AFET associated False
committees/4/rapporteur	name: TUDORACHE Dragoş date: 2023-06-16T00:00:00 group: Renew Europe group abbr: Renew
committees/5	Old type Committee Opinion body EP committee_full Internal Market and Consumer Protection committee IMCO associated False opinion False New type Committee Opinion body EP committee_full Budgets committee BUDG associated False opinion False
committees/6	Old type Committee Opinion body EP committee_full Budgetary Control committee CONT associated False opinion False New type Committee Opinion body EP committee_full Transport and Tourism committee TRAN associated False

commission	body: EC dg: Communications Networks, Content and Technology commissioner: BRETON Thierry
events/1	date 2023-06-01T00:00:00 type Committee referral announced in Parliament, 1st reading body EP
procedure/dossier_of_the_committee	ITRE/9/11824
procedure/stage_reached	Old Preparatory phase in Parliament New Awaiting committee decision

Progress: Awaiting Council's 1st reading position

Lead committee dossier:

ITRE/9/11824

Legal Basis:

Subjects

Links

Events

Documents

Activities

Votes

A9-0426/2023 – Lina Gálvez Muñoz – Provisional agreement – Am 2 #

France PPE

For (7)

Germany PPE

For (26)

Italy PPE

For (6)

Poland PPE

For (13)

Spain PPE

For (12)

Romania PPE

For (10)

Sweden PPE

For (6)

Belgium PPE

For (4)

Hungary PPE

For (1)

Czechia PPE

For (5)

Austria PPE

For (6)

Bulgaria PPE

For (7)

Croatia PPE

For (3)

Slovakia PPE

For (4)

Netherlands PPE

For (6)

Finland PPE

For (3)

Denmark PPE

For (1)

Greece PPE

For (4)

Portugal PPE

For (4)

Lithuania PPE

For (4)

Slovenia PPE

For (3)

Latvia PPE

For (3)

Estonia PPE

For (1)

Ireland PPE

For (4)

Luxembourg PPE

For (2)

Malta PPE

For (1)

France S&D

For (7)

Germany S&D

For (12)

Italy S&D

For (7)

Poland S&D

For (6)

Spain S&D

For (21)

Romania S&D

For (2)

Sweden S&D

For (5)

Belgium S&D

For (2)

Hungary S&D