My favourites

Chapter II – Tasks (Art. 5-12)

Art. 5 CSA - Development and implementation of Union policy and law arrow_right_alt

ENISA shall contribute to the development and implementation of Union policy and law, by:

  1. assisting and advising on the development and review of Union policy and law in the field of cybersecurity and on sector-specific policy and law initiatives where matters related to cybersecurity are involved, in particular by providing its independent opinion and analysis as well as carrying out preparatory work;
  2. assisting Member States to implement the Union policy and law regarding cybersecurity consistently, in particular in relation to Directive (EU) 2016/1148, including by means of issuing opinions, guidelines, providing advice and best practices on topics such as risk management, incident reporting and information sharing, as well as by facilitating the exchange of best practices between competent authorities in that regard;
  3. assisting Member States and Union institutions, bodies, offices and agencies in developing and promoting cybersecurity policies related to sustaining the general availability or integrity of the public core of the open internet;
  4. contributing to the work of the Cooperation Group pursuant to Article 11 of Directive (EU) 2016/1148, by providing its expertise and assistance;
  5. supporting:
    1. the development and implementation of Union policy in the field of electronic identity and trust services, in particular by providing advice and issuing technical guidelines, as well as by facilitating the exchange of best practices between competent authorities;
    2. the promotion of an enhanced level of security of electronic communications, including by providing advice and expertise, as well as by facilitating the exchange of best practices between competent authorities;
    3. Member States in the implementation of specific cybersecurity aspects of Union policy and law relating to data protection and privacy, including by providing advice to the European Data Protection Board upon request;
  6. supporting the regular review of Union policy activities by preparing an annual report on the state of the implementation of the respective legal framework regarding:
    1. information on Member States’ incident notifications provided by the single points of contact to the Cooperation Group pursuant to Article 10(3) of Directive (EU) 2016/1148;
    2. summaries of notifications of breach of security or loss of integrity received from trust service providers provided by the supervisory bodies to ENISA, pursuant to Article 19(3) of Regulation (EU) No 910/2014 of the European Parliament and of the Council (1);
    3. notifications of security incidents transmitted by the providers of public electronic communications networks or of publicly available electronic communications services, provided by the competent authorities to ENISA, pursuant to Article 40 of Directive (EU) 2018/1972.

(1) Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).

Related
Close tabsclose
  • 22
  • 23
  • 24

Recital 22

ENISA should assist the Commission by means of advice, opinions and analyses regarding all Union matters related to policy and law development, updates and reviews in the field of cybersecurity and sector-specific aspects thereof in order to enhance the relevance of Union policies and laws with a cybersecurity dimension and to enable consistency in the implementation of those policies and laws at national level. ENISA should act as a reference point for advice and expertise for Union sector-specific policy and law initiatives where matters related to cybersecurity are involved. ENISA should regularly inform the European Parliament about its activities.

Recital 23

The public core of the open internet, namely its main protocols and infrastructure, which are a global public good, provides the essential functionality of the internet as a whole and underpins its normal operation. ENISA should support the security of the public core of the open internet and the stability of its functioning, including, but not limited to, key protocols (in particular DNS, BGP, and IPv6), the operation of the domain name system (such as the operation of all top-level domains), and the operation of the root zone.

Recital 24

The underlying task of ENISA is to promote the consistent implementation of the relevant legal framework, in particular the effective implementation of Directive (EU) 2016/1148 and other relevant legal instruments containing cybersecurity aspects, which is essential to increasing cyber resilience. In light of the fast evolving cyber threat landscape, it is clear that Member States have to be supported by more comprehensive, cross-policy approach to building cyber resilience.

Art. 6 CSA - Capacity-building arrow_right_alt

Art. 7 CSA - Operational cooperation at Union level arrow_right_alt

Art. 8 CSA - Market, cybersecurity certification, and standardisation arrow_right_alt

Art. 9 CSA - Knowledge and information arrow_right_alt

Art. 10 CSA - Awareness-raising and education arrow_right_alt

Art. 11 CSA - Research and innovation arrow_right_alt

Art. 12 CSA - International cooperation arrow_right_alt