European Network and Information Security Agency (ENISA)

Communication networks and information systems have become ubiquitous utilities and their security is of increasing concern to society. To guarantee users the best possible security, the European Union (EU) has set up a European Network and Information Security Agency (ENISA) to advise the Commission and EU countries, as well as to coordinate the measures they are taking to secure their networks and information systems.


Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency [See amending act(s)].


Computing and networking * have become an essential part of the daily lives of European citizens. The exponential development of communication networks and information systems * inevitably raises the question of their security, which has become a subject of growing concern to society.

The growing number of security breaches * has already generated substantial financial damage, undermined user confidence and been detrimental to the development of e-commerce. An attack on key information systems could have major consequences for the provision of services essential for the well-being of European citizens. The proliferation of internet connections and increased networking are making security requirements ever more pressing.

Individuals, public administrations and businesses have reacted by deploying security technologies and security management procedures. However, apart from certain administrative networks, there is no systematic cross-border cooperation on this issue between EU countries.


The European Network and Information Security Agency’s (ENISA) aim is to enhance the capability of the European Union (EU), EU countries and business community to prevent, address and respond to network and information security problems.

In addition, ENISA provides assistance and delivers advice to the Commission and EU countries. It may also be called upon to assist the Commission in the technical preparatory work for updating and developing EU legislation.

Furthermore, ENISA facilitates and enhances cooperation between different actors operating in the public and private sectors in order to achieve a sufficiently high level of security in EU countries.


To achieve the objectives set out above, ENISA:


ENISA comprises:

Requests to ENISA

Requests for advice and assistance from ENISA are to be addressed to the executive director, accompanied by explanatory background information. The European Parliament, the Commission or any competent body appointed by an EU country (such as a national regulatory authority) may make requests to ENISA.


For ENISA’s advice and opinions to be accepted by individuals, public administrations and businesses, its independence must be guaranteed and recognised. Accordingly, the members of the management board, the executive director and the external experts participating in ad hoc working groups must declare the absence of any interest that might place their independence in question.


ENISA must ensure that the public and any interested parties are given objective, reliable and easily accessible information, in particular with regard to the results of its work. Access to ENISA’s documents is in line with the general conditions of Regulation (EC) No 1049/2001.

Seat and duration

ENISA is based in Heraklion, Greece. It will operate from 14 March 2004 for a period of 9 years and 6 months.

Key terms used in the act



Entry into force

Deadline for transposition in the Member States

Official Journal

Regulation (EC) No 460/2004



OJ L 77 of 13.3.2004

Amending act(s)

Entry into force

Deadline for transposition in the Member States

Official Journal

Regulation (EC) No 1007/2008



OJ L 293 of 31.10.2008

Regulation (EC) No 580/2011



OJ L 165 of 24.6.2011


Communication from the Commission to the European Parliament and the Council of 1 June 2007 on the evaluation of the European Network and Information Security Agency (ENISA) [COM(2007) 285 final – Not published in the Official Journal]. ENISA is undergoing an evaluation by an external group of experts who, with ENISA’s management board, will present recommendations on extending its term of running, functions, resources and location. To complement this, the Commission has also decided to launch a public consultation and an impact assessment.

Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions of 31 May 2006: A strategy for a Secure Information Society – “Dialogue, partnership and empowerment” [COM(2006) 251 final – Not published in the Official Journal]. The Commission aims to give new momentum to the European political approach to network and information security. Current challenges should be identified and measures and initiatives to meet them proposed. The Commission’s proposed approach is based on a multipartite schema that brings together all interested parties. This approach is based on dialogue, partnership and empowerment.

See also

Last updated: 22.03.2013