EU leaders agree on ground-breaking regulation for cybersecurity agency ENISA

ENISA welcomes the political agreement on the Cybersecurity Act reached on 10 December 2018 by the European Parliament, the Council of the European Union, and the European Commission. Henceforth, ENISA will be known as ‘the EU Agency for Cybersecurity’.


The agreement reinforces the mandate of the agency, to better support the EU Member States in dealing with cybersecurity threats and attacks.

Prof. Dr. Udo Helmbrecht, Executive Director of ENISA, said: ”Receiving a permanent mandate is a major achievement for ENISA. The European Union has taken another important step in increasing the level of cybersecurity in the European digital environment. The new cybersecurity certification framework will provide business opportunities for the EU cybersecurity industry, in addition to stimulating the development of more reliable ICT products and services. On behalf of the entire team at ENISA, I would like to thank the EU Member States, the European Parliament and the European Commission for their support for ENISA throughout the legislative process.”

These are the main highlights of the Cybersecurity Act:

  • ENISA will receive a permanent mandate with more human and financial resources;
  • ENISA will increase its support to EU Member States, in order to improve capabilities and expertise, notably in the areas of cyber crisis coordination and the prevention of and response to cyber-incidents;
  • Within the Cybersecurity Certification Framework, ENISA will have market-related tasks, notably by preparing European cybersecurity certification schemes with the expert assistance and close cooperation of national certification authorities and industry;
  • ENISA will strengthen its support to Member States and the EU institutions in the development, implementation and review of general cybersecurity policy.

ENISA’s new Regulation requires a formal approval by the European Parliament and the Council of the European Union. Following its publication in the EU Official Journal, the Cybersecurity Act will enter into force.