Next event: Vote in plenary scheduled 2024/04/24 more...
- Coreper letter confirming interinstitutional agreement 2024/03/21
- Text agreed during interinstitutional negotiations 2024/03/20
- Approval in committee of the text agreed at 1st reading interinstitutional negotiations 2024/03/20
- Contribution 2024/01/04
- Committee decision to enter into interinstitutional negotiations confirmed by plenary (Rule 71) 2023/12/13
- Committee decision to enter into interinstitutional negotiations announced in plenary (Rule 71) 2023/12/11
- Committee report tabled for plenary, 1st reading 2023/12/08
- Vote in committee, 1st reading 2023/12/07
- Committee decision to open interinstitutional negotiations with report adopted in committee 2023/12/07
- Committee of the Regions: opinion 2023/11/29
- Committee opinion 2023/10/27
- Committee opinion 2023/10/25
- Amendments tabled in committee 2023/09/22
- Contribution 2023/09/18
- Committee draft report 2023/09/04
- Contribution 2023/08/01
- Economic and Social Committee: opinion, report 2023/07/13
- FALCĂ Gheorghe (EPP) appointed as rapporteur in TRAN 2023/07/07
Progress: Awaiting Parliament's position in 1st reading
Role | Committee | Rapporteur | Shadows |
---|---|---|---|
Lead | ITRE | GÁLVEZ MUÑOZ Lina ( S&D) | NIEBLER Angelika ( EPP), GROOTHUIS Bart ( Renew), NIINISTÖ Ville ( Verts/ALE), TOŠENOVSKÝ Evžen ( ECR) |
Committee Opinion | AFET | TUDORACHE Dragoş ( Renew) | Željana ZOVKO ( PPE), Markéta GREGOROVÁ ( Verts/ALE), Witold Jan WASZCZYKOWSKI ( ECR), Attila ARA-KOVÁCS ( S&D) |
Committee Opinion | BUDG | ||
Committee Opinion | CONT | ||
Committee Opinion | IMCO | ||
Committee Opinion | TRAN | FALCĂ Gheorghe ( EPP) | Nicola DANTI ( RE), Kosma ZŁOTOWSKI ( ECR), Josianne CUTAJAR ( S&D), Anne-Sophie PELLETIER ( GUE/NGL) |
Committee Opinion | LIBE |
Lead committee dossier:
Legal Basis:
TFEU 173-p3, TFEU 322-p1
Legal Basis:
TFEU 173-p3, TFEU 322-p1Subjects
Events
The Committee on Industry, Research and Energy adopted the report by Lina GÁLVEZ MUÑOZ (S&D, ES) on the proposal for a regulation of the European Parliament and of the Council laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents.
The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:
Coordinated governance
Members stressed that close and coordinated cooperation is needed between the public sector, the private sector, academia, civil society and the media. Moreover, the Union's response needs to be coordinated with international institutions as well as trusted and like-minded international partners. To ensure cooperation with trusted and like-minded international partners and protection against systemic rivals, entities established in third countries that are not parties to the WTO Agreement on Government Procurement (GPA) should not be allowed to participate in procurement under this Regulation.
Cybersecurity reserve
Regarding the new cybersecurity reserve, Members believe it has the potential of developing industrial capacities in the EU, including for SMEs , with investments in research and innovation to develop state of the art technologies, such as cloud and artificial intelligence technologies. In addition, the report proposed to maintain the participation of the industry, enhance the criteria and trust of their participation (i.e. connecting their participation to a national or local company) by clarifying the criteria and the definition of technological sovereignty and to guarantee a balance between non-EU and EU actors. In addition, Members proposed for the Cyber Emergency Mechanism a certification scheme to be used for private providers to build a longstanding and trusted partnership.
To support the establishment of the EU Cybersecurity Reserve, the Commission could consider requesting ENISA to prepare a candidate certification scheme for managed security services in the areas covered by the Cybersecurity Emergency Mechanism. To fulfil the additional tasks deriving from this provision, ENISA should receive adequate, additional funding .
Funding
Considering geopolitical developments and the growing cyber threat landscape and in order to ensure continuity and further development of the measures laid down in this Regulation beyond 2027, particularly the European Cyber Shield and the Cybersecurity Emergency Mechanism, it is necessary to ensure a specific budget line in the multiannual financial framework for the period 2028-2034. According to the report, Member States should endeavour to commit themselves to supporting all necessary measures to reduce cyber threats and incidents throughout the Union and to strengthen solidarity.
Strengthening R&I in cybersecurity
The amended text called for enhanced research and innovation (R&I) in cybersecurity to increase the resilience and the open strategic autonomy of the Union. Similarly, it is important to create synergies with R&I programmes and with existing instruments and institutions and to strengthen cooperation and coordination among the different stakeholders, including the private sector, civil society, academia, Member States, the Commission and ENISA.
Evaluation and Review
The amended text stated that by two years from the date of application of this Regulation and every two years thereafter, the Commission should carry out an evaluation concerning, inter alia : (i) both the positive and the negative working of the Cybersecurity Emergency Mechanism; (ii) the contribution of this Regulation to reinforce the Union’s resilience and open strategic autonomy, to improve the competitiveness of the relevant industry sectors, microenterprises, SMEs including start-ups, and the development of cybersecurity skills in the Union; (iii) the use and added value of the EU Cybersecurity Reserve.
PURPOSE: to lay down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents (EU Cyber solidarity act).
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: the magnitude, frequency and impact of cybersecurity incidents are increasing, including supply chain attacks aiming at cyberespionage, ransomware or disruption. They represent a major threat to the functioning of network and information systems. In view of the fast-evolving threat landscape, the threat of possible large-scale incidents causing significant disruption or damage to critical infrastructures demands heightened preparedness at all levels of the Union’s cybersecurity framework. That threat goes beyond Russia’s military aggression on Ukraine and is likely to persist given the multiplicity of state-aligned, criminal and hacktivist actors involved in current geopolitical tensions.
CONTENT: with this proposal, the Commission aims to set up Cyber Solidarity Act which establishes EU capabilities to make Europe more resilient and reactive in front of cyber threats, while strengthening existing cooperation mechanism. It will contribute to ensuring a safe and secure digital landscape for citizens and businesses and to protecting critical entities and essential services, such as hospitals and public utilities.
This Regulation lays down measures to strengthen capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents, in particular through the following actions:
European Cyber Shield
An interconnected pan-European infrastructure of Security Operations Centres (European Cyber Shield) will be established to develop advanced capabilities for the Union to detect, analyse and process data on cyber threats and incidents in the Union. It will be composed of Security Operations Centres (SOCs) across the EU, brought together in several multi-country SOC platforms, built with support from the Digital Europe Programme (DEP) to supplement national funding. The Cyber Shield will be tasked with improving the detection, analysis and response to cyber threats. These SOCs will use advanced technology such as Artificial Intelligence (AI) and data analytics to detect and share warnings on such threats with authorities across borders. They will allow for a more timely and efficient response to major threats.
Cyber Emergency Mechanism
The Cyber Emergency Mechanism will improve the Union’s resilience to major cybersecurity threats and prepare for and mitigate, in a spirit of solidarity, the short-term impact of significant and large-scale cybersecurity incidents. It provides for actions to support preparedness, including coordinated testing of entities operating in highly critical sectors, response to and immediate recovery from significant or large-scale cybersecurity incidents or mitigate significant cyber threats and mutual assistance actions.
Also set to be created is an EU Cybersecurity Reserve made up of trusted and certified private companies ready to respond to major incidents.
European Cybersecurity Incident Review Mechanism
The proposed Regulation would also establish the Cybersecurity Incident Review Mechanism to assess and review specific cybersecurity incidents. At the request of the Commission or of national authorities (the EU-CyCLONe or the CSIRTs network), the EU Cybersecurity Agency (ENISA) will be responsible for the review of specific significant or large-scale cybersecurity incident and should deliver a report that includes lessons learned, and where appropriate, recommendations to improve Union’s cyber response.
Budgetary implications
The EU Cybersecurity Shield and the Cybersecurity Emergency Mechanism of this Regulation will be supported by funding under Strategic Objective ‘Cybersecurity’ of Digital Europe Programme (DEP).
The total budget includes an increase of EUR 100 million that this Regulation proposes to re-allocate from other Strategic Objectives of DEP. This will bring the new total amount available for Cybersecurity actions under DEP to EUR 842.8 million. Part of the additional EUR 100 million will reinforce the budget managed by the ECCC to implement actions on SOCs and preparedness as part of their Work Programme(s). Moreover, the additional funding will serve to support the establishment of the EU Cybersecurity Reserve.
It complements the budget already foreseen for similar actions in the main DEP and Cybersecurity DEP WP from the period 2023-2027 which could bring the total to 551 million for 2023-2027, while 115 million were dedicated already in the form of pilots for 2021-2022. Including Member States contributions, the overall budget could amount up to EUR 1.109 billion.
Documents
- Coreper letter confirming interinstitutional agreement: GEDA/A/(2024)001689
- Text agreed during interinstitutional negotiations: PE760.882
- Approval in committee of the text agreed at 1st reading interinstitutional negotiations: PE760.882
- Contribution: COM(2023)0209
- Committee report tabled for plenary, 1st reading: A9-0426/2023
- Committee of the Regions: opinion: CDR2191/2023
- Committee opinion: PE750.145
- Committee opinion: PE752.607
- Amendments tabled in committee: PE753.628
- Contribution: COM(2023)0209
- Committee draft report: PE752.795
- Contribution: COM(2023)0209
- Economic and Social Committee: opinion, report: CES2408/2023
- Contribution: COM(2023)0209
- Legislative proposal published: COM(2023)0209
- Legislative proposal published: EUR-Lex
- Economic and Social Committee: opinion, report: CES2408/2023
- Committee draft report: PE752.795
- Amendments tabled in committee: PE753.628
- Committee opinion: PE752.607
- Committee opinion: PE750.145
- Committee of the Regions: opinion: CDR2191/2023
- Text agreed during interinstitutional negotiations: PE760.882
- Coreper letter confirming interinstitutional agreement: GEDA/A/(2024)001689
- Contribution: COM(2023)0209
- Contribution: COM(2023)0209
- Contribution: COM(2023)0209
- Contribution: COM(2023)0209
Activities
- Lina GÁLVEZ MUÑOZ
Plenary Speeches (0)
History
(these mark the time of scraping, not the official date of the change)
docs/8 |
|
events/8 |
|
forecasts |
|
procedure/stage_reached |
Old
Awaiting Parliament's position in 1st readingNew
Awaiting Council's 1st reading position |
forecasts/0/title |
Old
Vote in plenary scheduledNew
Vote scheduled |
forecasts/0 |
|
forecasts/0 |
|
docs/6 |
|
docs/7 |
|
events/7 |
|
docs/6 |
|
docs/7 |
|
events/7 |
|
docs/6 |
|
events/7 |
|
docs/6 |
|
events/7 |
|
docs/6 |
|
events/7 |
|
forecasts |
|
docs/5 |
|
committees/0/shadows/3 |
|
docs/5 |
|
docs/8 |
|
events/4/summary |
|
links |
|
events/6 |
|
events/5 |
|
docs/5/docs/0/url |
https://www.europarl.europa.eu/doceo/document/A-9-2023-0426_EN.html
|
events/4/docs/0/url |
https://www.europarl.europa.eu/doceo/document/A-9-2023-0426_EN.html
|
docs/5 |
|
events/4 |
|
procedure/stage_reached |
Old
Awaiting committee decisionNew
Awaiting Parliament's position in 1st reading |
events/2 |
|
events/3 |
|
docs/4 |
|
docs/4/date |
Old
2023-06-28T00:00:00New
2023-06-29T00:00:00 |
docs/5/date |
Old
2023-09-17T00:00:00New
2023-09-18T00:00:00 |
docs/6/date |
Old
2023-07-31T00:00:00New
2023-08-01T00:00:00 |
docs/3 |
|
docs/4 |
|
docs/2 |
|
docs/1 |
|
docs/2 |
|
docs/0 |
|
committees/3/rapporteur |
|
docs/0 |
|
docs/0 |
|
committees/0 |
|
committees/0 |
|
committees/1 |
Old
New
|
committees/2 |
Old
New
|
committees/3 |
Old
New
|
committees/4 |
Old
New
|
committees/5 |
Old
New
|
committees/6 |
Old
New
|
committees/1 |
|
committees/1 |
Old
New
|
committees/2 |
Old
New
|
committees/3 |
Old
New
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
Old
New
|
committees/6 |
Old
New
|
committees/0/shadows |
|
committees/6/opinion |
False
|
committees/4/opinion |
False
|
commission |
|
events/1 |
|
procedure/dossier_of_the_committee |
|
procedure/stage_reached |
Old
Preparatory phase in ParliamentNew
Awaiting committee decision |
committees/5/opinion |
False
|
events/0/summary |
|
committees/2/opinion |
False
|
committees/0/rapporteur |
|