On June 7, 2019, the Official Journal of the European Union (OJEU) published Regulation (EU) 2019/881, the EU Cybersecurity Act.
The EU Cybersecurity Act aims at ensuring the proper functioning of the internal market while achieving a high level of cybersecurity, cyber resilience and trust within the EU. It lays down: (a) the objectives, tasks and organizational matters relating to the European Union Agency for Network and Information Security (ENISA); and (b) a framework for the establishment of European cybersecurity certification schemes for the purpose of ensuring an adequate level of cybersecurity for ICT products, services and processes in the Union, “as well as for the purpose of avoiding the fragmentation of the internal market with regard to cybersecurity certification schemes in the Union.”
The Commission should be empowered to adopt the European cybersecurity certification schemes. These schemes should be implemented and supervised by national cybersecurity certification authorities. Certificates issued under those schemes should be valid and recognized throughout the EU.
The Regulation will enter into force at the end of June 2019.
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) is available at
For more information on how EU Cibersecurity rules may impact your business, contact Francesca Giannoni-Crystal. Thanks to Federica Romanelli