My favourites

About the Cybersecurity Act (CSA)

Full name: Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act).

Type: Regulation

Objective and key elements:

  • Sets the foundation for the Cybersecurity strategy.
  • Security by design requirement introduced
  • Reinforces ENISA, the EU Agency for Cybersecurity, link.
  • Complements NIS (I).
  • Creates a European Cybersecurity certification framework for ICT products, services and processes.

Relevant to: Mainly ENISA, relevant local authorities, certification actors, and suppliers of ICT products, services and processes

Status: In force since 27 June 2019.