Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
Cybersecurity Act
- Recitals
TITLE I
General provisionsArticles 1 — 2
TITLE II — CHAPTER I
Mandate and objectivesArticles 3 — 4
TITLE II — CHAPTER II
TasksArticles 5 — 12
TITLE II — CHAPTER III
Organisation of ENISAArticles 13 — 28
TITLE II — CHAPTER IV
Establishment and structure of ENISA’s budgetArticles 29 — 33
TITLE II — CHAPTER V
StaffArticles 34 — 37
TITLE II — CHAPTER VI
General provisions concerning ENISAArticles 38 — 45
TITLE III
Cybersecurity certification frameworkArticles 46 — 65
TITLE IV
Final provisionsArticles 66 — 69
ANNEXES
CSA Article 27. Confidentiality
- 1.Without prejudice to Article 28, ENISA shall not divulge to third parties information that it processes or receives in relation to which a reasoned request for confidential treatment has been made.
- 2.Members of the Management Board, the Executive Director, the members of the ENISA Advisory Group, external experts participating in ad hoc working groups, and members of the staff of ENISA, including officials seconded by Member States on a temporary basis, shall comply with the confidentiality requirements of Article 339 TFEU, even after their duties have ceased.
- 3.ENISA shall lay down, in its internal rules of operation, the practical arrangements for implementing the confidentiality rules referred to in paragraphs 1 and 2.
- 4.If required for the performance of ENISA’s tasks, the Management Board shall decide to allow ENISA to handle classified information. In that case ENISA, in agreement with the Commission services, shall adopt security rules applying the security principles set out in Commission Decisions (EU, Euratom) 2015/443 and 2015/444 . Those security rules shall include provisions for the exchange, processing and storage of classified information.
Relevant Recitals for this Article
ENISA should have rules in place regarding the prevention and the management of conflicts of interest. ENISA should also apply the relevant Union provisions concerning public access to documents as set out in Regulation (EC) No 1049/2001 of the European Parliament and of the Council . The processing of personal data by ENISA should be subject to Regulation (EU) 2018/1725 of the European Parliament and of the Council . ENISA should comply with the provisions applicable to the Union institutions, bodies, offices and agencies, and with national legislation regarding the handling of information, in particular sensitive non-classified information and European Union classified information (EUCI).