ENISA - the European Union Agency for Network and Information Security

The European Union Agency for Network and Information Security (ENISA) was established in March 2004. This regulation extends its mandate to 2020 and strengthens its ability to tackle cyberattacks and other information security challenges.

ACT

Regulation (EU) No No 526/2013 of the European Parliament and of the Council concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004.

SUMMARY

ENISA began its operations in Crete in 2005. Its mandate is to:

contribute to a high level of network and information security within the EU,
raise awareness of the issues involved,
develop and promote a security conscious culture for the benefit of citizens, consumers, enterprises and public sector organisations.

By doing this, it will help the proper functioning of the internal market.

The Agency’s new mandate took effect on 13 September 2013. The regulation spells out the tasks it performs as follows.

Support the development of EU policy and law by advising on all matters relating to network and information security policy, providing preparatory work and advice and analysing and promoting publication of publicly available strategies.
Support capability building by assisting EU countries, when requested to do so, and EU institutions in developing and improving the prevention, detection and analysis of information security problems and incidents. This includes helping in the creation of Computer Emergency Response Teams (CERTS) and developing an EU early warning system.
Support voluntary cooperation between competent public bodies and stakeholders, including universities and research centres, and promote awareness raising.
Support research and development andstandardisation through international standards for risk management and the security of electronic products, networks and services.
Cooperate with EU institutions and bodies, including those dealing with cybercrime and the protection of privacy and personal data, to create synergies and address issues of common concern.
Contribute to the EU’s efforts to cooperate with non-EU countries and international organisations on network and information security.

The regulation stipulates that the Agency consists of an executive director and staff, a permanent stakeholders’ group and a management board that determines the general direction of the Agency’s work. Under the new regulation, an executive board has also been established.

REFERENCES

Act	Entry into force	Deadline for transposition in the Member States	Official Journal
Regulation (EU) No 526/2013	19.6.2013	-	OJ L 165 of 18.6.2013

Last updated: 06.04.2014