Proposal for a regulation

Proposal for Cybersecurity Regulation

Details

Publication date: 18 March 2022
Author: Directorate-General for Informatics
Related department: Directorate-General for Informatics

Description

The Commission proposes a Regulation to establish common cybersecurity measures across the European Union institutions, bodies, offices and agencies. The key elements of the proposed Cybersecurity Regulation are to:

  • Strengthen the mandate of CERT-EU and provide the resources it needs to fulfil it;
  • Require all EU institutions, bodies, offices and agencies to:
    • Have a framework for governance, risk management and control in the area of cybersecurity;
    • Implement a baseline of cybersecurity measures addressing the identified risks;
    • Conduct regular maturity assessments;
    • Put in place a plan for improving their cybersecurity, approved by the entity's leadership;
    • Share incident-related information with CERT-EU without undue delay.
  • Set up a new inter-institutional Cybersecurity Board to drive and monitor the implementation of the regulation and to steer CERT-EU;
  • Rename CERT-EU from ‘Computer Emergency Response Team’ to ‘Cybersecurity Centre’, in line with developments in the Member States and globally, but keep the short name ‘CERT-EU’ for name recognition.

Files

21 MARCH 2022
Proposal for a regulation laying down measures on cybersecurity at the institutions, bodies, offices and agencies of the Union
English
(629.36 KB - PDF)
21 MARCH 2022
Commission Staff Working Document – Impact analysis accompanying the proposal for a regulation
English
(680.98 KB - PDF)