Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
Cybersecurity Act
- Recitals
TITLE I
General provisionsArticles 1 — 2
TITLE II — CHAPTER I
Mandate and objectivesArticles 3 — 4
TITLE II — CHAPTER II
TasksArticles 5 — 12
TITLE II — CHAPTER III
Organisation of ENISAArticles 13 — 28
TITLE II — CHAPTER IV
Establishment and structure of ENISA’s budgetArticles 29 — 33
TITLE II — CHAPTER V
StaffArticles 34 — 37
TITLE II — CHAPTER VI
General provisions concerning ENISAArticles 38 — 45
TITLE III
Cybersecurity certification frameworkArticles 46 — 65
TITLE IV
Final provisionsArticles 66 — 69
ANNEXES
CSA Article 9. Knowledge and information
- ENISA shall:
- (a)perform analyses of emerging technologies and provide topic-specific assessments on the expected societal, legal, economic and regulatory impact of technological innovations on cybersecurity;
- (b)perform long-term strategic analyses of cyber threats and incidents in order to identify emerging trends and help prevent incidents;
- (c)in cooperation with experts from Member States authorities and relevant stakeholders, provide advice, guidance and best practices for the security of network and information systems, in particular for the security of the infrastructures supporting the sectors listed in Annex II to Directive (EU) 2016/1148 and those used by the providers of the digital services listed in Annex III to that Directive;
- (d)through a dedicated portal, pool, organise and make available to the public information on cybersecurity provided by the Union institutions, bodies, offices and agencies and information on cybersecurity provided on a voluntary basis by Member States and private and public stakeholders;
- (e)collect and analyse publicly available information regarding significant incidents and compile reports with a view to providing guidance to citizens, organisations and businesses across the Union.
Relevant Recitals for this Article
To understand better the challenges in the area of cybersecurity, and with a view to providing strategic long-term advice to Member States and Union institutions, bodies, offices and agencies, ENISA needs to analyse current and emerging cybersecurity risks. For that purpose, ENISA should, in cooperation with Member States and, as appropriate, with statistical bodies and other bodies, collect relevant publicly available or voluntarily shared information and perform analyses of emerging technologies and provide topic-specific assessments on the expected societal, legal, economic and regulatory impact of technological innovations on network and information security, in particular cybersecurity. ENISA should, furthermore, support Member States and Union institutions, bodies, offices and agencies in identifying emerging cybersecurity risks and preventing incidents, by performing analyses of cyber threats, vulnerabilities and incidents.
In order to increase the resilience of the Union, ENISA should develop expertise in the field of cybersecurity of infrastructures, in particular to support the sectors listed in Annex II to Directive (EU) 2016/1148 and those used by the providers of the digital services listed in Annex III to that Directive, by providing advice, issuing guidelines and exchanging best practices. With a view to ensuring easier access to better-structured information on cybersecurity risks and possible remedies, ENISA should develop and maintain the ‘information hub’ of the Union, a one-stop-shop portal providing the public with information on cybersecurity originating in Union and national institutions, bodies, offices and agencies. Facilitating access to better-structured information on cybersecurity risks and possible remedies could also help Member States bolster their capacities and align their practices, thus increasing their overall resilience to cyberattacks.