52007PC0861

[pic] | COMMISSION OF THE EUROPEAN COMMUNITIES |

Brussels, 20.12.2007

COM(2007) 861 final

2007/0291 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

amending Regulation (EC) No 460/2004 establishing the European Network and Information Security Agency as regards its duration

(presented by the Commission)

EXPLANATORY MEMORANDUM

Background

Communication networks and information systems have become an essential factor in economic and societal development. The security and resilience of communication networks and information systems are of increasing concern to society. The Commission’s i2010 strategy “A European Information Society for growth and employment”[1] reiterated the importance of network and information security for creating a single European information space.

More recently, the Communication “A strategy for a Secure Information Society – Dialogue, partnership and empowerment”[2] reviewed the current threats to the information society and presented an updated policy strategy, highlighting the positive impact of technological diversity on security and the importance of openness and interoperability.

On 22 March 2007 the Council issued a Resolution on a strategy for a secure information society[3] which called upon the ENISA “to continue working in close cooperation with the Member States, the Commission and other relevant stakeholders, in order to fulfil those tasks and objectives that are defined in Regulation (EC) No 460/2004 and to assist the Commission and the Member States in their efforts to meet the requirements of network and information security, thus contributing to the implementation and further development of the Strategy for a Secure Information Society in Europe as set out in this Resolution.”

ESTABLISHMENT OF ENISA

In order to enhance the capability of the Community, the Member States and, as a consequence, the business community to prevent, address and respond to network and information security problems, the European Network and Information Security Agency (ENISA) was established in 2004 for a period of five years[4].

The Agency was set up with the main purpose of “ensuring a high and effective level of network and information security within the Community and in order to develop a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, thus contributing to the smooth functioning of the internal market.”

In its proposal for a Regulation of the European Parliament and the Council establishing ENISA[5], the Commission acknowledged that network and information security “ has become a major policy concern. Governments see a widening responsibility for society and are increasingly making efforts to improve security on their territory. They want to promote security, for instance by giving support to computer emergency response teams, to research and for awareness campaigns. (…) Member States are, however, in different stages of their work and the focus of attention varies. (…) there is no systematic cross-border cooperation on network and information security (…) Implementation of the legal framework varies. Product certification is national whilst key standards are developed by the global industry, and operators and vendors are faced with different attitudes of governments. All this leads to a lack of interoperability that impedes a proper use of the security products and services. ” The proposal argued for improved and effective coordination between Member States and also between Member States and stakeholders to enhance the capability of the Community, the Member States and, as a consequence, the business community to prevent, address and respond to network and information security problems.

The review of ENISA

Article 25 of the Regulation establishing the Agency provides for the Commission to carry out an evaluation of the Agency by March 2007. To this end, the Commission “ shall undertake the evaluation, notably with the aim to determine whether the duration of the Agency should be extended beyond the period specified in Article 27 ” (that is, five years). Furthermore, “ the evaluation shall assess the impact of the Agency on achieving its objectives and tasks, as well as its working practices and envisage, if necessary, the appropriate proposals. ”

In accordance with terms of reference agreed with the ENISA Management Board, in October 2006 the Commission launched an independent evaluation by a panel of external experts as the basis for the evaluation provided for in the ENISA Regulation. The purpose of the external evaluation was to provide a formative assessment of the Agency’s working practices, organisation and remit and, if appropriate, recommend improvements. As specified in the terms of reference, the external evaluation took account of the views of all relevant stakeholders. In January 2007 the experts submitted their report, which confirmed that the original policy reasons for establishing the Agency and its original goals are still valid[6].

In accordance with Article 25(3) of the Regulation establishing the Agency, in March 2007 the Management Board of the Agency issued recommendations regarding appropriate changes to the Regulation[7]. One of these was that the Regulation should be amended to extend the mandate of the Agency but that the scope of the Agency should not be materially changed.

In June 2007 the Commission submitted to the European Parliament and the Council Communication COM(2007) 285 on the evaluation of the Agency, which outlined the evaluation process and made an appraisal of the evaluation by the panel of external experts.

In line with the Commission’s Better Regulation strategy[8], a public consultation on the extension and future of the Agency was held from 13 June to 7 September 2007[9]. Most respondents agreed, inter alia , that an Agency would still be the right instrument to deal with the challenges of network and information security.

REASONS FOR ACTION

On 13 November the Commission proposed establishment of a European Electronic Communications Market Authority[10]. The Commission proposed that this authority should take over responsibility for the activities of ENISA that fall within the scope of the Regulation establishing the Authority from 14 March 2011 on.

Since the mandate of the Agency will expire on 13 March 2009, in order to ensure continuity it will be necessary to adopt an interim measure for the two years between the scheduled expiry of the Agency and the date when the European Electronic Communications Market Authority will take over responsibility for its activities that fall within the scope of the Regulation establishing the Authority.

2007/0291 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

amending Regulation (EC) No 460/2004 establishing the European Network and Information Security Agency as regards its duration

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 95 thereof,

Having regard to the proposal from the Commission[11],

Having regard to the opinion of the European Economic and Social Committee[12],

Having regard to the opinion of the Committee of the Regions[13],

Acting in accordance with the procedure laid down in Article 251 of the Treaty[14],

Whereas:

1. In 2004 the European Parliament and the Council adopted Regulation (EC) N° 460/2004 establishing the European Network and Information Security Agency[15] (hereinafter referred to as “the Agency”).

2. In March 2007 the Management Board of the Agency issued recommendations regarding appropriate changes to the Regulation. One of these was that the Regulation should be amended to extend the mandate of the Agency but that the scope of the Agency should not be materially changed.

3. In line with the Commission’s Better Regulation strategy, the Commission initiated a public consultation on the extension and future of the Agency, which was held from 13 June to 7 September 2007.

4. On 13 November the Commission proposed establishment of a European Electronic Communications Market Authority[16]. The Commission proposed that this authority take over responsibility for all the activities undertaken by ENISA from 14 March 2011 on that fall within the scope of the Regulation establishing the Authority.

5. Since the mandate of the Agency will expire on 13 March 2009, in order to ensure continuity it is necessary to adopt an interim measure for the two years between the scheduled expiry of the Agency and the date proposed for the European Electronic Communications Market Authority to take over responsibility for the activities of the Agency that fall within the scope of the Regulation establishing the Authority.

6. The duration of the Agency should therefore be extended until 13 March 2011,

HAVE ADOPTED THIS REGULATION:

Article 1 Amendment to Regulation (EC) N° 460/2004

Article 27 of Regulation (EC) No 460/2004 is replaced by the following text:

“Article 27 - Duration

The Agency shall be established from 14 March 2004 for a period of seven years.”

Article 2Entry into force

This Regulation shall enter into force on the day following that of its publication in the Official Journal of the European Union .

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at […],[…]

For the European Parliament For the Council

The President The President

LEGISLATIVE FINANCIAL STATEMENT

1. NAME OF THE PROPOSAL:

Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency.

2. ABM/ABB FRAMEWORK

Policy area(s) concerned and associated activity/activities:

Information society and media

i2010 – Electronic communications policy and network security

3. BUDGET LINES

3.1. Budget lines (operational lines and related technical and administrative assistance lines ( former BA lines), including headings:

09 02 03 European Network and Information Security Agency

09 02 03 01 European Network and Information Security Agency – Subsidy under Titles 1 and 2

09 02 03 02 European Network and Information Security Agency – Subsidy under Title 3

3.2. Duration of the action and of the financial impact:

This current financial statement is based on an extension until 13 March 2011.

3.3. Budgetary characteristics:

Budget line | Type of expenditure | New | EFTA contribution | Contributions from applicant countries | Heading in financial perspective |

09 02 03 01 | Non-comp | Diff[17] | No | Yes | No | No 1.a Competitiveness for growth and employment |

09 02 03 02 | Non-comp | Diff | No | Yes | No | No 1.a Competitiveness for growth and employment |

4. SUMMARY OF RESOURCES

4.1. Financial resources

4.1.1. Summary of commitment appropriations (CA) and payment appropriations (PA)

EUR million (to 3 decimal places)

Expenditure type | Section No | 14 Mar – 31 Dec 2009 | 2010 | 1 Jan – 13 Mar 2011 | 2012 | 2013 | 2014 and later | Total |

Operational expenditure (Title 3) |

Commitment appropriations (CA) | 8.1. | a | 2.192 | 2.788 | 0.563 | 5.543 |

Payment appropriations (PA) | b | 2.192 | 2.788 | 0.563 | 5.543 |

Administrative expenditure within reference amount (Titles 1 and 2) |

Technical & administrative assistance (NDA) | 8.2.4. | c | 4.482 | 5.702 | 1.151 | 11.335 |

TOTAL REFERENCE AMOUNT |

Commitment Appropriations | a+c | 6.674 | 8.490 | 1.714 | 16.878 |

Payment Appropriations | b+c | 6.674 | 8.490 | 1.714 | 16.878 |

Administrative expenditure not included in the reference amount[18] |

Human resources and associated expenditure (NDA) | 8.2.5. | d | 0.329 | 0.410 | 0.081 | 0.819 |

Administrative costs, other than human resources and associated costs, not included in the reference amount (NDA) | 8.2.6. | e | 0.008 | 0.010 | 0.002 | 0.020 |

Total indicative financial cost of intervention |

TOTAL CA, including cost of human resources | a+c+d+e | 7.011 | 8.910 | 1.797 | 17.717 |

TOTAL PA, including cost of human resources | b+c+d+e | 7.011 | 8.910 | 1.797 | 17.717 |

Co-financing details

If the proposal involves co-financing by Member States or other bodies (please specify which), an estimate of the level of this co-financing should be indicated in the table below (further lines may be added if co-financing by different bodies is planned):

EUR million (to 3 decimal places)

Co-financing body | 14 Mar – 31 Dec 2009 | 2010 | 1 Jan – 13 Mar 2011 | 2012 | 2013 | 2014 and later | Total |

f |

TOTAL CA, including co-financing | a+c+d+e+f | 7.011 | 8.910 | 1.797 | 17.717 |

4.1.2. Compatibility with financial programming

( Proposal is compatible with existing financial programming.

( Proposal will entail reprogramming of the relevant heading in the financial perspective.

( Proposal may require application of the provisions of the Interinstitutional Agreement[19] (i.e. flexibility instrument or revision of the financial perspective).

4.1.3. Financial impact on revenue

( Proposal has no financial implications on revenue

( Proposal has financial impact – the effect on revenue is as follows:

EUR million (to one decimal place)

Prior to action [Year n-1] | Situation following action |

Total number of human resources | 55 | 55 | 55 |

5. CHARACTERISTICS AND OBJECTIVES

5.1. Need to be met in the short or long term

As there is not enough time before the end of the current mandate of ENISA for a full and substantive debate on a substantial new proposal, mere extension of ENISA in identical form will allow the European Parliament and the Council rapidly to adopt an interim legal basis to ensure the continuity of ENISA and avoid discontinuity of the measures to deal with the challenges of network and information security.

5.2. Value-added of Community involvement and coherence of the proposal with other financial instruments and possible synergy

As so much depends on networks and information systems, their secure functioning has become a key concern. Information systems are crucial for the whole economy, not only for most sectors of industry, but also for the public sector and for private citizens. Any malfunctioning of such systems concerns everybody – individuals, public administrations and businesses.

Security has therefore become a major policy concern. Governments see a widening responsibility for society and are increasingly making efforts to improve security on their territory. Member States are, however, at different stages of their work and the focus of attention varies. Implementation of the legal framework also varies. There is a lack of interoperability that impedes proper use of the security products.

The work of the Agency focuses on enhancing network and information security in Europe and boosting Member States’ capability, individually and collectively, to respond to major network and information security problems. It aims to ensure systematic cross-border cooperation on network and information security between Member States.

5.3. Objectives, expected results and related indicators of the proposal in the context of the ABM framework

- Improving resilience in European e-communication networks

The work of the Agency up until 2009 will include, among other things, surveys of the resilience obligations, requirements and good practices in use[20], plus analysis of further methods and procedures for improving resilience. In 2009 and 2010, additional pilot projects will be undertaken to assess the validity of the requirements, methods and practices. This programme will follow and support, as appropriate, the review and update of the Electronic Communication Directives.

- Developing and maintaining cooperation between Member States

ENISA should continue building on its efforts to identify Europe-wide security competence circles on topics like awareness-raising and incident response, cooperation on interoperability of pan-European eID[21] and maintenance of a platform supporting European NIS good practice brokerage[22]. From 2009 to 2010, further cooperation between Member States should be achieved with the aim of improving the capabilities of all Member States and increasing the overall levels of coherence and interoperability.

- Identifying emerging risks for creating trust and confidence

Throughout 2009 and 2010, identification of emerging risks will be fine-tuned, giving rise to a practice of systematic data collection, processing, dissemination and feedback. The expected impact will be earlier identification of emerging risks during implementation and roll-out of new applications and services.

- Building information confidence with micro-enterprises

The digital information age is continuing to open up numerous opportunities for businesses, especially for micro-enterprises. However, further development and user adoption of ICT still suffer from vulnerabilities. The goal is to gather and assess micro-enterprises’ needs and expectations in this field, conducting gap analysis exercises and piloting the ENISA risk management assessment approach.

5.4. Method of implementation (indicative)

( Centralised management

( directly by the Commission

( indirectly by delegation to:

( executive Agencies

( bodies set up by the Communities, as referred to in Article 185 of the Financial Regulation

( national public-sector bodies/bodies with public-service mission

( Shared or decentralised management

( with Member States

( with third countries

( Joint management with international organisations (please specify)

Relevant comments:

6. MONITORING AND EVALUATION

6.1. Monitoring system

The Executive Director is responsible for effective monitoring and evaluation of the performance of the Agency against its objectives and reports annually to the Management Board.

The Executive Director drafts a general report covering all the activities of the Agency in the previous year which, in particular, compares the results achieved with the objectives of the annual work programme. Following adoption by the Management Board, this report is forwarded to the European Parliament, the Council, the Commission, the Court of Auditors, the European Economic and Social Committee and the Committee of the Regions and published.

6.2. Evaluation

Since ENISA was established in 2004, it has been subject to external and internal evaluations.

In accordance with Article 25 of the ENISA Regulation, the first step in this process was independent evaluation of ENISA by a panel of external experts in 2006/2007. The report by the panel of external experts[23] confirmed that the original policy reasons for establishing ENISA and its original goals are still valid and was also instrumental in raising some of the issues that need to be tackled.

In March 2007 the Commission reported on the evaluation to the Management Board which subsequently made its own recommendations on the future of the Agency and on changes to the ENISA Regulation[24].

In June, 2007 the Commission submitted its own appraisal of the results of the external evaluation and the recommendations of the Management Board in a Communication to the European Parliament and the Council[25]. The Communication stated that a choice needs to be made between whether to extend the mandate of the Agency or to replace the Agency by another mechanism, such as a permanent forum of stakeholders or a network of security organisations. The Communication also launched a public consultation on the matter, soliciting input from European stakeholders with a list of questions to guide further discussions[26].

7. Anti-fraud measures

Payments for any service or studies requested are checked by the Agency’s staff prior to payment, taking into account any contractual obligations, economic principles and good financial or management practice. Anti-fraud provisions (supervision, reporting requirements, etc.) will be included in all agreements and contracts concluded between the Agency and recipients of any payments.

8. DETAILS OF RESOURCES

8.1. Objectives of the proposal in terms of their financial cost

Commitment appropriations in EUR million (to 3 decimal places)

(Headings of objectives, action and outputs should be provided) | 14 Mar – 31 Dec 2009 | 2010 | 1 Jan – 13 Mar 2011 | 2012 | 2013 | 2014 and later | Total cost |

OPERATIONAL OBJECTIVE No 1: Improving resilience in European e-communication networks |

Action 1: Analysis of legal and regulatory measures on resilience of public communication networks |

Action 2: Promotion of exercises for computer crisis management |

Action 3: Development of further measures to improve resilience |

- Output: Virtual group of experts on “improving resilience” (including DNSSEC); reports on resilient backbone and Internet technologies; detailed report on emerging resilience technologies |

Sub-total Objective 1 | 0.245 | 0.305 | 0.060 | 0.610 |

OPERATIONAL OBJECTIVE No 2: Developing and maintaining cooperation between Member States |

Action 1: Cooperation platform for awareness-raising community |

- Output: internal contact list of awareness-raising experts who are part of the ENISA AR community |

Action 2: Security competence circle for CERT community. ENISA will build on the knowledge, established good practice and successful projects from the various existing CERT communities in Europe and beyond |

Sub-total Objective 2 | 0.241 | 0.300 | 0.059 | 0.600 |

OPERATIONAL OBJECTIVE No 3: Identifying emerging risks for creating trust and confidence |

Action 1: Prototype of a database for emerging risks |

Action 2: Position papers aiming at analysing emerging technology threats based on the suggestions of stakeholders and the PSG |

Sub-total Objective 3 | 0.172 | 0.215 | 0.043 | 0.430 |

OPERATIONAL OBJECTIVE No 4: Building information confidence with micro-enterprises |

Action 1: Continued analysis of micro-enterprises’ needs and expectations, building exchanges and knowledge amongst stakeholders |

Action 2: Assessing risk management process for micro-enterprises |

- Output: Pilot projects to develop and use the required risk management knowledge |

Sub-total Objective 4 | 0.088 | 0.110 | 0.022 | 0.220 |

OPERATIONAL OBJECTIVE No 5: Management of horizontal activities |

Action 1: Communicating and reaching out to NIS stakeholders |

Action 2: Managing ENISA bodies and groups, i.e. meetings of the Management Board and of the Permanent Stakeholders’ Group, coordination of Working Groups’ activities and management of the network of National Liaison Officers |

Sub-total Objective 5 | 1.446 | 1.858 | 0.379 | 3.683 |

TOTAL COST | 2.192 | 2.788 | 0.563 | 5.543 |

8.2. Administrative expenditure

8.2.1. Number and type of human resources

Types of post | Staff to be assigned to management of the action using existing and/or additional resources (number of posts/FTEs) |

14 Mar – 31 Dec 2009 | 2010 | 1 Jan – 13 Mar 2011 | 2012 | 2013 | 2014 |

Officials or temporary staff | A*/AD | 29 | 29 | 29 |

B*, C*/AST | 15 | 15 | 15 |

Other staff | 11 | 11 | 11 |

TOTAL | 55 | 55 | 55 |

8.2.2. Description of tasks deriving from the action

The Agency will continue to:

- have advisory and coordinating functions, where it gathers and analyses data on information security. Today both public and private organisations with different objectives gather data on IT incidents and other data relevant to information security. There is, however, no central entity at European level that, in a comprehensive manner, can collect and analyse data and provide opinions and advice to support the Community’s policy work on network and information security;

- serve as a centre of expertise to which both Member States and Community institutions can turn for opinions and advice on technical matters relating to security;

- contribute to broad cooperation between different actors in the information security field, e.g. assist in the follow-up activities in support of secure e-business. Such cooperation will be a vital prerequisite for secure functioning of networks and information systems in Europe. Participation and involvement of all stakeholders is necessary;

- contribute to a coordinated approach to information security by providing support to Member States , e.g. on promotion of risk assessment and awareness-raising activities;

- ensure interoperability of networks and information systems when Member States apply technical requirements that affect security;

- identify the relevant standardisation needs and assess existing security standards and certification schemes and promote their widest possible use in support of the European legislation;

- support international cooperation in this field which is becoming more and more necessary as network and information security issues are global.

8.2.3. Sources of human resources ( covered by the Staff Regulations)

( Posts currently allocated to the management of the programme to be replaced or extended

( Posts pre-allocated within the APS/PDB exercise for year n

( Posts to be requested in the next APS/PDB procedure

( Posts to be redeployed using existing resources within the managing service (internal redeployment)

( Posts required for year n but not foreseen in the APS/PDB exercise for the year in question

8.2.4. Other administrative expenditure included in reference amount (XX 01 04/05 — Expenditure on administrative management)

EUR million (to 3 decimal places)

Budget line (number and heading) | 14 Mar – 31 Dec 2009 | 2010 | 1 Jan – 13 Mar 2011 | 2012 | 2013 | 2014 and later | TOTAL |

Title 2 – Functioning of the Agency This appropriation is intended to cover: buildings and associated costs, movable property and associated costs, current administrative expenditure and ICT expenditure | 0.501 | 0.637 | 0.129 | 1.266 |

Total technical and administrative assistance | 4.482 | 5.702 | 1.151 | 11.335 |

8.2.5. Financial cost of human resources and associated costs not included in the reference amount

EUR million (to 3 decimal places)

Type of human resources | 14 Mar – 31 Dec 2009 | 2010 | 1 Jan – 13 Mar 2011 | 2012 | 2013 | 2014 and later |

Officials and temporary staff (XX 01 01) | 0.329 (3.5 officials) | 0.410 (3.5 officials) | 0.081 (3.5 officials) |

Staff funded by Article XX 01 02 (auxiliaries, seconded national experts, contract staff, etc.) (specify budget line) |

Total cost of human resources and associated costs (NOT in the reference amount) | 0.329 | 0.410 | 0.081 |

This is the cost of the staff assigned to evaluation, monitoring and coordination of the Agency within the Commission.

Calculation – Officials and temporary agents

In 2009-2010, 3.5 officials/year will be allocated to the tasks of supervision, budget monitoring and funding and coordination between the Commission and the Agency. For details, see Table 8.2.5. The estimate of the workload is based on the experience from working with the Agency so far.

Calculation– Staff financed under Article XX 01 02

No such staff envisaged.

8.2.6. Other administrative expenditure not included in the reference amount EUR million (to 3 decimal places) |

14 Mar – 31 Dec 2009 | 2010 | 1 Jan – 13 Mar 2011 | 2012 | 2013 | 2014 and later | TOTAL |

XX 01 02 11 01 – Missions | 0.008 | 0.010 | 0.002 | 0.020 |

XX 01 02 11 02 – Meetings and conferences |

XX 01 02 11 03 – Committees[27] |

XX 01 02 11 04 – Studies and consultations |

XX 01 02 11 05 – Information systems |

2 Total other management expenditure (XX 01 02 11) |

3 Other expenditure of an administrative nature (specify, including reference to budget line) |

Total administrative expenditure, other than human resources and associated costs (NOT included in the reference amount) | 0.008 | 0.010 | 0.002 | 0.020 |

Calculation – Other administrative expenditure not included in the reference amount.

[1] COM(2005) 229.

[2] COM(2006) 251, 31.5.2006.

[3] OJ C 68, 24.3.2007, p. 1.

[4] Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency, OJ L 77, 13.3.2004, p. 1 (hereinafter referred to as the “ENISA Regulation”).

[5] COM(2003) 63, 11.2.2003.

[6] Available at: http://ec.europa.eu/dgs/information_society/evaluation/studies/index_en.htm.

[7] Available at: http://enisa.europa.eu/pages/03_02.htm.

[8] Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions – A strategic review of better regulation in the European Union, COM(2006) 689.

[9] A link to the results of the public consultation is available at the following website: http://ec.europa.eu/information_society/policy/nis/enisa/index_en.htm.

[10] Proposal for a Regulation of the European Parliament and of the Council establishing the European Electronic Communications Market Authority, COM(2007) 699.

[11] OJ C […], […], p. […].

[12] OJ C […], […], p. […].

[13] OJ C […], […], p. […].

[14] OJ C […], […], p. […].

[15] Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency (OJ L 77, 13.3.2004, p. 1).

[16] Proposal for a Regulation of the European Parliament and of the Council establishing the European Electronic Communications Market Authority, COM(2007) 699.

[17] Differentiated appropriations.

[18] Expenditure within Chapter xx 01 other than Articles xx 01 04 or xx 01 05.

[19] See points 19 and 24 of the Interinstitutional Agreement.

[20] Such surveys will build on those conducted by ENISA in 2006 and 2007 on the security measures implemented by the e-communication operators.

[21] This support will follow up the work conducted by ENISA in 2006 and 2007 on a common language to improve eID interoperability.

[22] This platform is a follow-up to the work conducted in 2007 to define a roadmap on establishment of European NIS good practice brokerage.

[23] http://ec.europa.eu/dgs/information_society/evaluation/studies/index_en.htm.

[24] As provided for in Article 25 of the ENISA Regulation. The full text of the document adopted by the ENISA Management Board, which also contains the Board’s considerations, is available at the following website: http://enisa.europa.eu/pages/03_02.htm.

[25] Communication from the Commission to the European Parliament and the Council on the evaluation of the European Network and Information Security Agency (ENISA), COM(2007) 285 final of 1.6.2007: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52007DC0285:EN:NOT.

[26] http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=EnisaFuture&lang=en.

[27] Specify the type of committee and the group to which it belongs.