ENISA Mandate and Regulatory Framework
ENISA's Regulation is the Regulation (EU) 2019/881 of the European Parliament and of the EU Council of 17 April 2019 (Cybersecurity Act) on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013.
ENISA through the years
ENISA was founded by the Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency.
The mandate was extended by the Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 amending Regulation (EC) No 460/2004 establishing the European Network and Information Security Agency as regards its duration and the Regulation 580/2011 of the European Parliament and of the Council of 8th June 2011 amending Regulation (EC) No 460/2004 establishing the European Network and Information Security Agency as regards its duration.
The last extension of ENISA's mandate before it became permanent was done by Regulation (EU) No 526/2013 of the European Parliament and of the Council of 21 May 2013, repealing Regulation (EC) No 460/2004.
In 2019 ENISA celebrates its fifteen-year milestone:
ENISA's fifteen-year milestone was celebrated throughout the year with international and local events, taking stock of the past, as well as looking at the developments over the years, with a particular focus on future challenges.
See also: ENISA: 15 years of building cybersecurity bridges together