The EU Cybersecurity Act
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)
Regulation (EU) 2019/881 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification (Cybersecurity Act)
What is the aim of the regulation?
It aims to achieve a high level of cybersecurity*, cyber resilience and trust in the European Union (EU) by setting:
- objectives, tasks and organisational matters for a strengthened and renamed European Union Agency for Cybersecurity (ENISA), with a new permanent mandate;
- a framework for voluntary European cybersecurity certification schemes for information and communications technology (ICT) products, services and processes. (..)
A new amendment
On 18 April 2023, the Commission proposed a targeted amendment to the EU Cybersecurity Act. The proposed amendment will enable the future adoption of European certification schemes for ‘managed security services’ covering areas such as incident response, penetration testing, security audits and consultancy. Certification is key to ensuring a high level of quality and reliability of these highly critical and sensitive cybersecurity services, which assist companies and organisations to prevent, detect, respond to or recover from incidents.
(source: The EU Cybersecurity Act | Shaping Europe’s digital future)