ENISA emphasizes the significance of cybersecurity and the role of technological advancements in protecting privacy and security, offering practical tools to support the effective application of relevant legal provisions.
Data protection
Since its establishment, the Agency has taken an engineering approach to analysing the principles of Privacy-by-design as a fundamental principle for embedding data protection safeguards at the heart of new electronic products and services. In this context, Privacy-Enhancing Technologies (PETs) are also studied to support the integration of privacy into systems and services, along with the technical and organisational measures required for secure personal data processing.
ENISA is focusing its efforts on how to engineer data protection in practice and puts forward analyses, recommendations and relevant use cases on how cybersecurity technologies and techniques can support the protection of engineering data and the fulfilment of the GDPR's data protection principles.The Agency has set up an Ad Hoc Working Group on Data Protection Engineering which aims to support the analysis of available or emerging technologies and techniques on the protection of engineering data.
Digital Identity
The eIDAS Regulation (Regulation (EC) 910/2014), a cornerstone of the European Union’s digital transformation, introduced a secure and standardized framework for electronic identification, authentication, and trust services, enabling seamless cross-border digital interactions.
In June 2021, the European Commission released a new framework for EU digital identity by offering citizens and businesses digital wallets that will allow EU citizens to retain their documents such as national digital identities, licenses, diplomas and bank credentials securely in their smartphone. The wallet should also allow them to log in to online services across the EU and to electronically sign their documents.
The Regulation (EU) 2024/1183 establishing the European Digital Identity Framework, entered into force on May 2024, improves upon the eIDAS regulation and extend its benefits. Building upon national systems, it enhances the functionality and usability of national eIDs, ensures mutual recognition of national wallets across member states, and promotes a unified security approach.
ENISA has been in the forefront of the developments and has been supporting the European Commission and Member States in the area of Electronic Identification and Trust Services, including but without being limited to the following:
• security recommendations for the implementation of trust services;
• mapping technical and regulatory requirements;
• promoting the deployment of qualified trust services across Europe;
• raising awareness for relying parties and end-users.
ENISA also supports the European Competent Authorities for Trust Services (ECATS ) Expert Group. Formed in 2015 by ENISA under the European Commission’s auspices, the ENISA ECATS Expert Group, originally known as the Article 19 Expert Group, is an informal group focused on trust services like electronic signatures, seals, timestamps, website authentication certificates, and related services.
Since 2015, the Agency has launched the Trust Services Forum to bring together the stakeholder communities in the qualified trust service market, among them trust service providers, conformity assessment bodies and supervisory authorities. As of 2018, the Trust Services Forum is collocated with the CA Day, organised by D-TRUST and TUVIT.
