Cybersecurity – Part 1: ENISA Reform (Regulation)

The EU Commission wants to improve cybersecurity in the EU and for this purpose strengthen the cybersecurity agency ENISA. In cep’s view, this is urgently needed. The proposal to give ENISA a permanent mandate and increasing its funding and staff is also appropriate.


Nevertheless, assigning “operational tasks” to ENISA may mean that efforts are not made at national level giving rise to “freeloading”. Clarity is also required as to which actions ENISA can take when “investigating security incidents” and whether Member States can refuse such investigations by the agency. The extent to which ENISA can collect and use sensitive information and how this information must be protected should also be clarified.