Print Friendly, PDF & Email

On Friday 18 November 2022, the European Committee of Permanent Representatives adopted a regulation to strengthen cybersecurity within EU institutions, bodies and agencies. It includes four measures:

  • Strengthening the mandate and funding of the Computer Emergency Response Team (CERT-EU).
  • Establishing a cross-institutional cybersecurity council to implement the new regulation
  • Improving the exchange of information with CERT-EU
  • Improve coordination and cooperation when responding to cybersecurity incidents.

The initiative to establish a common cybersecurity framework stems from a decision by the European Council on 20 June 2019, which called for improving the EU’s response capacity to cyber and hybrid threats. It is also part of a set of measures put forth in the EU Cyber Security Strategy of December 2020. A first draft by the Commission was presented in June 2022. Thanks to the diplomacy of the Czech Council Presidency, an agreement has now been reached and the Council has adopted its position on the proposed regulation to strengthen cybersecurity. As of now, the trialogue can begin within the EU legislative process. In this process, the Commission, the Council and the European Parliament coordinate their positions on the proposed regulation.

There is considerable pressure to standardise cyber security in the EU, especially after an incident in mid-November, in which, according to the French government, data from Thales ended up on the Dark Web. Additionally, the German Bundestag has repeatedly been subjected to cyber attacks over the past few years, and the European Parliament, which is currently celebrating its 70th anniversary, was targeted by a cyber attack on 23 November 2022. According to European Parliament President Roberta Metsola, a pro-Russian organisation was responsible for the “sophisticated cyberattack”, and notably the attack took place on the same day that the European Parliament condemned Russia as a state sponsor of terrorism.

On its website, the Council of the EU points out that the number and sophistication of cyberattacks and cybercrime in Europe is expected to increase, as an estimated 22.3 billion devices worldwide will be connected to the Internet of Things by 2024. This is one of the key reasons for the EU’s efforts to promote cyber defence capabilities, to fight cybercrime and to strengthen cyber diplomacy.