CEPIS Proposes Amendments to the EU Cybersecurity Package

cybersecurityAfter review, CEPIS has proposed several amendments to the EU’s Cybersecurity Package to increase the representation of stakeholders in the European Union Agency for Network and Information Security (ENISA). In a letter drafted by CEPIS’s Legal and Security Issues Special Interest Network (LSI SIN), several changes to ENISA’s management board have been proposed to increase the organisation’s effectiveness and efficiency. The letter focused on several changes to the European Commission’s proposal on ENISA.

1. Recital 40 should be amended to enable the representations of stakeholders on its management board to provide the needed expertise, especially for the discussions of the annual work programmes of ENISA.

2. Article 13 should be amended to include representatives from all of ENISA’s stakeholder areas, especially a representative from the European Standardisation Organisations, to ensure the Agency’s effectiveness in evaluating the area of standardisation and certification.

3. New articles should be added, and Article 12 should be amended to establish a Standardisation and Certification Group with a different composition from the Permanent Stakeholder’s group. It is recommended that a separate Standardisation and Certification Group be established, as it would provide representation of the various stakeholders in the standardisation and certification industry without affecting the balance in the existing Permanent Stakeholder’s Group.

CEPIS has already distributed the letter to the European Parliament’s rapporteurs of the Cybersecurity Package, and we invite and encourage all computer societies to approach their Council representatives regarding ENISA's representation of stakeholders. The full letter can be found on the website of CEPIS.