Back to EUR-Lex homepage

EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search
You are here

Summaries of EU Legislation

European cybersecurity network and competence centre

 

SUMMARY OF:

Regulation (EU) 2021/887 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres

WHAT IS THE AIM OF THE REGULATION?

  • It sets up the European Cybersecurity Competence Centre (ECCC) and the Network of National Coordination Centres (the ‘network’).
  • It lays down rules for national coordination centres (NCCs) and for setting up the Cybersecurity Competence Community.

The ECCC has an essential role in the digital Europe programme (set up under Regulation (EU) 2021/694 — see summary) and contributes to Horizon Europe. It creates a framework for increasing and coordinating investments in cybersecurity between the European Union (EU), EU Member States and, indirectly, industry.

KEY POINTS

Mission

The mission of the ECCC and the network is to help the EU to:

  • strengthen EU leadership in cybersecurity* by enhancing trust and security, including the confidentiality, integrity and accessibility of data;
  • support network and information system resilience and reliability, including critical infrastructure and commonly used hardware and software; and
  • increase the global competitiveness and high standards of the EU’s cybersecurity industry, turning cybersecurity into a competitive advantage for EU industry.

Objectives

The ECCC’s specific objectives translate into strategic tasks and implementation tasks:

  • enhancing cybersecurity capacities, capabilities, knowledge and infrastructure;
  • promoting cybersecurity resilience, best practices, security by design and the security certification of digital products and services;
  • contributing to a strong European cybersecurity ecosystem and bringing stakeholders together.

These tasks are completed by:

  • setting strategic orientations for research, innovation and deployment, and setting out priorities;
  • implementing parts of the relevant EU funding programmes;
  • encouraging cooperation and coordination at the national and EU levels; and
  • facilitating joint investment.

National coordination centres (NCCs)

  • One NCC is nominated by each Member State and the European Commission is notified of the decision.
  • Each NCC must have access to cybersecurity research and technological expertise.
  • NCCs may, under certain conditions, receive direct EU grants and can provide financial support to third parties.

The key functions of NCCs include:

  • acting as points of contact at the national level;
  • providing expertise and contributing to strategic tasks;
  • facilitating participation in cross-border projects and EU-funded cybersecurity actions;
  • providing technical assistance to stakeholders in projects managed by the ECCC;
  • seeking synergies with activities at the national, regional and local levels, such as national policies on research, development and innovation;
  • implementing specific actions for which grants have been awarded by the ECCC;
  • contributing to educational programmes.

Cybersecurity Competence Community

  • Contributes to the ECCC and network missions, sharing and disseminating cybersecurity expertise.
  • Consists of industry, including small and medium-sized enterprises, academic and research organisations, civil-society associations, standards organisations, relevant public entities and stakeholders facing cybersecurity challenges.

ECCC structure

The ECCC administrative and governance structure includes:

  • a Governing Board that provides strategic orientation and oversees activities;
  • an executive director, the ECCC’s legal representative and the person responsible for day-to-day management; and
  • a Strategic Advisory Group that ensures dialogue between the Cybersecurity Competence Community and the ECCC.

Governing Board

  • A representative from each Member State and two from the Commission, with cybersecurity knowledge and managerial skills.
  • Observers, including as a permanent observer the European Union Agency for Cybersecurity set up under Regulation (EU) 2019/881.
  • Chairperson and deputy elected by Governing Board members.

The executive director takes part in meetings but cannot vote.

Strategic Advisory Group

  • Twenty members appointed by the Governing Board.
  • Meets at least three times per year.
  • Advises the Governing Board on establishing working groups.
  • Organises public consultations to collect input for the ECCC agenda and work programmes.

Funding

The ECCC is EU-funded, while joint actions are funded by the EU and voluntary Member State contributions:

  • up to €1,649,566,000 from the digital Europe programme, including up to €32,000,000 for administration;
  • an amount from Horizon Europe for joint actions, matching Member State contributions and in alignment with Horizon Europe planning;
  • an amount from the other EU programmes, as needed to implement ECCC objectives.

The regulation allows and encourages Member States to contribute with their own resources. If Member States contribute to the resources managed by the ECCC, they also have to contribute to the administrative costs.

FROM WHEN DOES THE REGULATION APPLY?

It has applied since 28 June 2021.

BACKGROUND

See also:

KEY TERMS

Cybersecurity: the activities necessary to protect network and information systems, the users of such systems, and other persons affected by cyber threats*.
Cyber threat: any potential circumstance, event or action that could damage, disrupt or otherwise adversely affect network and information systems, the users of such systems and other persons.

MAIN DOCUMENT

Regulation (EU) 2021/887 of the European Parliament and of the Council of 20 May 2021 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres (OJ L 202, 8.6.2021, pp. 1-31)

RELATED DOCUMENTS

Regulation (EU) 2021/694 of the European Parliament and of the Council of 29 April 2021 establishing the Digital Europe Programme and repealing Decision (EU) 2015/2240 (OJ L 166, 11.5.2021, pp. 1-34)

Communication from the Commission to the European Parliament, the European Council, the Council, the European Economic and Social Committee and the Committee of the Regions on the EU security union strategy (COM(2020) 605 final, 24.7.2020)

Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, pp. 1-30)

Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, pp. 15-69)

last update 27.07.2021

Top