Supporting the implementation of Union policy and law regarding cybersecurity
Cybersecurity Policy
Cybersecurity has a prominent role in several EU legal instruments. It is often mentioned as an explicit obligation or as a requirement for building trust. The NIS2 Directive (EU 2022/2555) entered into force replacing Directive (EU) 2016/1148. The goal of the NIS2 is to further develop cybersecurity across the EU. ENISA is working with Member States to identify best EU-wide practices in their efforts to implement the Directive.
As digital threats have since grown in number and sophistication, the expansion of the legislation through the NIS2 Directive entered in force on January 16 2023 to better protect supply chains as well as streamline and harmonise supervisory measures.
Whether concerning specific instances related to eIDAS and electronic identities, personal data protection or Privacy by Design to ensure built-in privacy measures to systems, projects and operations, ENISA is at the forefront of offering state-of-the-art advice and counsel to improve the quality of people’s everyday lives online.
ENISA has taken an engineering approach to analysing legal obligations and translating them into technical requirements while, through its policy observatory approach, it also advises Member States on upgrading security measures related to current and future EU legislation such as the EECC, DORA, the Electricity Code and other similar rules aimed at protecting cross-border internal market transactions of goods and services.
- ENISA has long experience in identifying best practices to bring Member States into alignment to counteract the greater scope and scale of the EU's external and internal cyber threats.
- Working closely with policy experts, ENISA brings vision and state-of-the-art experience to help counteract or hinder threats to the supply chains of goods and services. It also helps facilitate a swifter understanding of legislative impacts on upgrading and aligning cybersecurity measures across the borders of the internal market.
- On key specific existing laws (e.g. EECC, eIDAS, GDPR) and draft legislation, ENISA is well placed to advise Member States bodies on bringing their policies up to date and closer to EU-wide voluntary harmonisation.