Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
Cybersecurity Act
- Recitals
TITLE I
General provisionsArticles 1 — 2
TITLE II — CHAPTER I
Mandate and objectivesArticles 3 — 4
TITLE II — CHAPTER II
TasksArticles 5 — 12
TITLE II — CHAPTER III
Organisation of ENISAArticles 13 — 28
TITLE II — CHAPTER IV
Establishment and structure of ENISA’s budgetArticles 29 — 33
TITLE II — CHAPTER V
StaffArticles 34 — 37
TITLE II — CHAPTER VI
General provisions concerning ENISAArticles 38 — 45
TITLE III
Cybersecurity certification frameworkArticles 46 — 65
TITLE IV
Final provisionsArticles 66 — 69
ANNEXES
Understanding the Cybersecurity Act
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)
17 April 2019
27 June 2019. Some provisions apply from 28 June 2021 (Article 69)
National cybersecurity certification authorities (NCCA)
- To achieve a high level of cybersecurity, cyber resilience and trust within the EU by strengthening the EU Agency for Cybersecurity (ENISA) and establishing an EU cybersecurity certification framework for products and services.(Article 1).
EU Agency for Cybersecurity (ENISA)
European Cybersecurity Certification Group (ECCG)
European Commission
National cybersecurity certification authorities, conformity assessment bodies and other relevant authorities in the EU Member States
Manufacturers and providers of ICT products, services and processes submitting to voluntary cybersecurity certification
- ENISA's obligation to raise public awareness of cybersecurity risks, and provide guidance on good practices including cyber-hygiene and cyber-literacy (Article 10)
- European Commission's obligation to publish a Union rolling work programme for European cybersecurity certification (Article 47)
- Member State's obligation to cease existing and not introduce new national cybersecurity certification schemes for ICT products, services and processes covered by a European cybersecurity certification scheme (Article 57)
- Obligation of a holder of a cybersecurity certificate to inform the relevant body about any vulnerabilities or irregularities concerning the security of the certified ICT product, service or process (Article 56)
CSAon StreamLex, what can I find?
Guidance (guidelines, recommendations, etc.) and templates issued by ENISA, ECCG and European Commission relevant to the Cybersecurity Act
Legislation (decisions, implementing decisions, implementing regulation, etc.) adopted by the European Commission relevant to the Cybersecurity Act
Relevant registers maintained by the ENISA, ECCG and the European Commission relevant to the Cybersecurity Act
ENISA, ECCG and European Commission consultations, press releases, internal documents, annual reports, leaflets and similar information materials and ad hoc statements that do not constitute guidance
Draft versions of ENISA, ECCG and European Commission guidance or templates (e.g., issued for the purposes of public consultation) and invalidated guidance and templates (e.g., documents superseded by other guidance)
Documents issued by the national cybersecurity certification authorities (NCCA)
EU and national court judgments