A number of measures to improve the cybersecurity efforts across the EU have been provisionally agreed by MEPs and member states.
The European Parliament members have agreed to introduce the first EU-wide cybersecurity certification scheme which will ensure products and services sold in EU countries meet cybersecurity standards.
Consumers will also be more informed through an introduction of information on cybersecurity from these certified products. Manufacturers will have to provide detailed explanations, such as guidance on installation, length of security support and security updates, when selling products.
This decision has been made in line with ensuring proper protection for critical infrastructure such as banking, energy, and water.
A benefit for companies will be they will no longer have to pay for individual tests in every member state where they sell products. The certificate will also guarantee a minimum level of security and companies will be able to certify their own products in order to save time and expensive lab tests.
The Commission will assess the market by 2023 and decide whether this scheme need be made mandatory.
As part of the agreement, a Union rolling programme will be included in the certification schemes to help make initiatives more predictable, transparent and inclusive. There will also be a stakeholders’ certification group established to ensure involvement in strategic priorities on future certification requirements.
The EU’s cybersecurity agency ENISA is also being given more powers to help increase cybersecurity in the EU. Some of its new responsibilities include the running of a security drill to prepare the EU of major cyberattacks.
After the agreement was reached, rapporteur Angelika Niebler (EPP, DE) said, “This important success will enable the EU to keep up with security risks in the digital world for years to come. The agreement is a cornerstone for Europe to become a global player in cyber security. Consumers, as well as the industry, need to be able to trust in IT-solutions.”
Following the provisional agreement, the deal will be put to the Industry, Research and Energy Committee and the Council for approval. The regulation will be enforced 20 days after publication in the Official Journal.
Copyright © 2018 RegTech Analyst