Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
Cybersecurity Act
- Recitals
TITLE I
General provisionsArticles 1 — 2
TITLE II — CHAPTER I
Mandate and objectivesArticles 3 — 4
TITLE II — CHAPTER II
TasksArticles 5 — 12
TITLE II — CHAPTER III
Organisation of ENISAArticles 13 — 28
TITLE II — CHAPTER IV
Establishment and structure of ENISA’s budgetArticles 29 — 33
TITLE II — CHAPTER V
StaffArticles 34 — 37
TITLE II — CHAPTER VI
General provisions concerning ENISAArticles 38 — 45
TITLE III
Cybersecurity certification frameworkArticles 46 — 65
TITLE IV
Final provisionsArticles 66 — 69
ANNEXES
CSA Article 47. The Union rolling work programme for European cybersecurity certification
- 1.The Commission shall publish a Union rolling work programme for European cybersecurity certification (the ‘Union rolling work programme’) that shall identify strategic priorities for future European cybersecurity certification schemes.
- 2.The Union rolling work programme shall in particular include a list of ICT products, ICT services and ICT processes or categories thereof that are capable of benefiting from being included in the scope of a European cybersecurity certification scheme.
- 3.Inclusion of specific ICT products, ICT services and ICT processes or categories thereof in the Union rolling work programme shall be justified on the basis of one or more of the following grounds:
- (a)the availability and the development of national cybersecurity certification schemes covering a specific category of ICT products, ICT services or ICT processes and, in particular, as regards the risk of fragmentation;
- (b)relevant Union or Member State law or policy;
- (c)market demand;
- (d)developments in the cyber threat landscape;
- (e)request for the preparation of a specific candidate scheme by the ECCG.
- 4.The Commission shall take due account of the opinions issued by the ECCG and the Stakeholder Certification Group on the draft Union rolling work programme.
- 5.The first Union rolling work programme shall be published by 28 June 2020. The Union rolling work programme shall be updated at least once every three years and more often if necessary.
Relevant Recitals for this Article
The Commission should prepare, with the support of the European Cybersecurity Certification Group (the ‘ECCG’) and the Stakeholder Cybersecurity Certification Group and after an open and wide consultation, a Union rolling work programme for European cybersecurity certification schemes and should publish it in the form of a non-binding instrument. The Union rolling work programme should be a strategic document that allows industry, national authorities and standardisation bodies, in particular, to prepare in advance for future European cybersecurity certification schemes. The Union rolling work programme should include a multiannual overview of the requests for candidate schemes which the Commission intends to submit to ENISA for preparation on the basis of specific grounds. The Commission should take into account the Union rolling work programme while preparing its Rolling Plan for ICT Standardisation and standardisation requests to European standardisation organisations. In light of the rapid introduction and uptake of new technologies, the emergence of previously unknown cybersecurity risks, and legislative and market developments, the Commission or the ECCG should be entitled to request ENISA to prepare candidate schemes which have not been included in the Union rolling work programme. In such cases, the Commission and the ECCG should also assess the necessity of such a request, taking into account the overall aims and objectives of this Regulation and the need to ensure continuity as regards ENISA’s planning and use of resources.