Logo
StreamLex Home
Logo
StreamLex Home
Laws
Laws
Recitals
Recitals
Your feedback
About UsNewsletterTerms of UsePrivacy NoticeLinkedIn
Cybersecurity Act
  • Data & Privacy

    • Data Act
    • Data Governance Act
    • ePrivacy Directive
    • GDPR
  • AI & Trust

    • Artificial Intelligence Act
    • Product Liability Directive
  • Cybersecurity

    • Cybersecurity Act
    • DORA
    • NIS2
  • Digital Services & Media

    • Digital Markets Act
    • Digital Services Act
    • European Media Freedom Act
CSA
Cybersecurity Act

Understanding the Cybersecurity Act

Full name of the law
Full name of the law

Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)

Link to the official text
Link to the official text
https://eur-lex.europa.eu/eli/reg/2019/881/oj
Adoption date
Adoption date

17 April 2019

Transposition or application date
Transposition or application date

27 June 2019. Some provisions apply from 28 June 2021 (Article 69)

Relevant EU-level authorities and groups
Relevant EU-level authorities and groups
Relevant Member States authorities
Relevant Member States authorities
  • National cybersecurity certification authorities (NCCA)

Objectives of the law
Objectives of the law
Scope
Scope
  • EU Agency for Cybersecurity (ENISA)

  • European Cybersecurity Certification Group (ECCG)

  • European Commission

  • National cybersecurity certification authorities, conformity assessment bodies and other relevant authorities in the EU Member States

  • Manufacturers and providers of ICT products, services and processes submitting to voluntary cybersecurity certification

Key obligations under the law
Key obligations under the law
  • ENISA's obligation to raise public awareness of cybersecurity risks, and provide guidance on good practices including cyber-hygiene and cyber-literacy (Article 10)
  • European Commission's obligation to publish a Union rolling work programme for European cybersecurity certification (Article 47)
  • Member State's obligation to cease existing and not introduce new national cybersecurity certification schemes for ICT products, services and processes covered by a European cybersecurity certification scheme (Article 57)
  • Obligation of a holder of a cybersecurity certificate to inform the relevant body about any vulnerabilities or irregularities concerning the security of the certified ICT product, service or process (Article 56)

CSAon StreamLex, what can I find?

Included in the resources
Included
Included

Guidance (guidelines, recommendations, etc.) and templates issued by ENISA, ECCG and European Commission relevant to the Cybersecurity Act

Included
Included

Legislation (decisions, implementing decisions, implementing regulation, etc.) adopted by the European Commission relevant to the Cybersecurity Act

Included
Included

Relevant registers maintained by the ENISA, ECCG and the European Commission relevant to the Cybersecurity Act

Not included in the resources
Not Included
Not Included

ENISA, ECCG and European Commission consultations, press releases, internal documents, annual reports, leaflets and similar information materials and ad hoc statements that do not constitute guidance

Not Included
Not Included

Draft versions of ENISA, ECCG and European Commission guidance or templates (e.g., issued for the purposes of public consultation) and invalidated guidance and templates (e.g., documents superseded by other guidance)

Not Included
Not Included

Documents issued by the national cybersecurity certification authorities (NCCA)

Not Included
Not Included

EU and national court judgments

Complete Resources for this Law

© 2024 StreamLex

NewsletterAbout UsTerms of UsePrivacy NoticeManage cookies

© 2024 StreamLex