About ENISA - The European Union Agency for Cybersecurity

The European Union Agency for Cybersecurity, ENISA, is the Union's agency dedicated to achieving a high common level of cybersecurity across Europe.

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure.

In a world that has become hyper-connected, cybercriminals pose a significant threat to the internal security of the European Union and security of its citizens online. The COVID-19 pandemic has highlighted the need for more security in the digital world. People have increased their presence online to maintain personal and professional relations, while cybercriminals have taken advantage of this situation, targeting in particular e-commerce and e-payment businesses, as well as the healthcare system. The ENISA Corporate video reflects our new vision: working towards a trusted and cyber secure Europe in cooperation with the wider community.

Empowering Communities

Cybersecurity is a shared responsibility. Europe strives for a cross sectoral, all-inclusive cooperation framework. ENISA plays a key role in stimulating active cooperation between the cybersecurity stakeholders in Member States and the EU institutions and agencies. It strives to ensure complementarity of common efforts, by adding value to the stakeholders, exploring synergies and effectively using limited cybersecurity expertise and resources. Communities should be empowered to scale up the cybersecurity model.

Cybersecurity Policy

Cybersecurity is the cornerstone of digital transformation and the need for it permeates all sectors, therefore it needs to be considered across a broad range of policy fields and initiatives. Cybersecurity must not be restricted to a specialist community of technical cyber experts. Cybersecurity must therefore be embedded across all domains of EU policy. Avoiding fragmentation and the need for a coherent approach while taking into account the specificities of each sector is essential.

Operational Cooperation

The benefits of the European digital economy and society can only be fully attained under the premise of cybersecurity. Cyber-attacks know no borders. All layers of society can be impacted and the Union needs to be ready to respond to massive (large scale and cross-border) cyber-attacks and cyber crisis. Cross-border interdependencies have highlighted the need for effective cooperation between Member States and the EU institutions for faster response and proper coordination of efforts at all levels (strategic, operational, technical and communications).

Capacity Building

The frequency and sophistication of cyberattacks is rising speedily, while at the same time the use of ICT infrastructures and technologies by individuals, organisations, and industries is increasing rapidly. The needs for cybersecurity knowledge and competences exceeds the supply. The EU has to invest in building competences and talents in cybersecurity at all levels, from the non-expert to the highly skilled professional. The investments should focus not only on increasing the cybersecurity skillset in the Member States but also on making sure that the different operational communities possess the appropriate capacity to deal with the cyber threat landscape.

Trusted Solutions

Digital products and services bring benefits as well as risks, and these risks must be identified and mitigated. In the process of evaluating security of digital solutions and ensuring their trustworthiness, it is essential to adopt a common approach, with the goal to strike a balance between societal, market, economic and cybersecurity needs. A neutral entity acting in a transparent manner will increase customer trust on digital solutions and the wider digital environment.

Foresight

Numerous new technologies, still in their infancy or close to mainstream adoption, would benefit from the use of foresight methods. Through a structured process enabling dialogue among stakeholders, decision- and policy-makers would be able to define early mitigation strategies that improve the EU resilience to cybersecurity threats and find solutions to address emerging challenges.

Knowledge

The energy that fuels the mill of cybersecurity is information and knowledge. For cybersecurity professionals to be efficient at tackling our objectives, to work in a constantly moving environment – in terms of digital developments as well as with regard to actors – to face the challenges of our time, we need a continuous process of collecting, organising, summarising, analysing, communicating, and maintaining cybersecurity information and knowledge. All phases are essential to ensure that information and knowledge is shared and expanded within the EU cybersecurity ecosystem.

ENISA's Regulation is the Regulation (EU) 2019/881 of the European Parliament and of the EU Council of 17 April 2019 (Cybersecurity Act) on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013.

Management Board

The Management Board is ensuring that the Agency carries out its tasks under conditions which enables it to serve in accordance with the founding Regulation.

Learn more

Executive Board

The Executive Board is preparing decisions to be adopted by the Management Board.

Learn more

Executive Director

The Executive Director is responsible for managing the Agency and performs his/her duties independently.

Learn more

National Liaison Officers Network

The NLOs facilitate the exchange of information between ENISA and the EU Member States.

Learn more

Advisory Group

The Advisory Group advises the Executive Director on drawing up a major part of the annual work programme.

Learn more

Ad hoc Working Groups

The Executive Director establishes ad hoc Working Groups composed of experts. The ad hoc Working Groups are addressing specific technical and scientific matters.

The Regulation 2019/881 also foresees that ENISA shall assist the Commission in providing the secretariat of the European Cybersecurity Certification Group (ECCG) and ENISA shall provide the secretariat of the Stakeholder Cybersecurity Certification Group (SCCG).

To learn more about our activities, please visit the ENISA Topics Webpage