Description of the services
Verification and assessment of the compliance of your environment regarding the most common and emerging directives of the European Union and the Common Economic Area. Audit, consulting, training and seminars according to the following directives and standards:
1. Cyber Resilience Act - 2022/0272 (COD)
2. Cybersecurity Act - REGULATION (EU) 2019/881
3. NISv2 directive - 2020/0359 COM(2020) 823 Directive (EU) 2022/2555
4. Data governance act - COM(2020) 767 final
5. Digital services act - REGULATION (EU) 2022/2065
6. Digital markets act - Regulation (EU) 2022/1925
7. ePrivacy regulation - COM/2017/010 final - 2017/03 (COD)
8. Port State control - DG MOVE.D2 – Maritime safety
9. Cybersecurity – security requirements for ICT product certification
10. Aviation security - Regulation (EC) No 300/2008
11. Network code on cybersecurity - Regulation (EU) 2019/942
12. EU electricity supply Regulation (EU) 2019/943 and Regulation (EU) 2019/941
13. Information security – common rules for EU institutions, bodies and agencies COM(2022)119
14. AI ACT - 52021PC0206
15. NISv2 directive / 2020/0359 COM(2020) 823 Directive (EU) 2022/2555
1. The Cyber Skills Proposal Amendment / COM(2023)208
Comment: At the time of publication of the text, the regulation has not yet been adopted; ENISA is working on developing the framework.
2. Security-related information sharing − reciprocal access for frontline officers in the EU and key partner countries / DG HOME/B3
Comment: The initiative will ensure increased security in the EU as frontline officers will have direct access to security-related information from partner countries, enabling them to take instant action in case someone representing a threat is located. It will also enable frontline officers in partner countries to take action based on security-related information shared with them by EU Member States. Furthermore, it will have an impact on fundamental rights, in particular on the rights to privacy and to protection of personal data. It will be ensured that the initiative respects the Charter of Fundamental Rights.
3. Port State control - Further improving safety, security and sustainability of maritime transport
DG MOVE.D2 – Maritime safety
Comment: General objective of the initiative: to improve maritime safety, security and pollution prevention, and to ensure safe working conditions for maritime workers.
4. Cybersecurity – security requirements for ICT product certification
Comment: This initiative will establish the European cybersecurity certification scheme (EUCC) based on common criteria. The voluntary scheme will introduce a set of security requirements for ICT security products (e.g. firewalls, encryption devices, electronic signature devices) and ICT products with an inbuilt security functionality (e.g. routers, smartphones, bank cards). Users of products certified under this scheme will have greater security.
5. Aviation security – amended rules on common basic standards
Comment: This initiative will amend Regulation (EU) 2015/1998 on the common basic standards for aviation security. It includes:
- redesignating airlines, operators and companies that provide security controls for cargo and mail arriving from non-EU countries during the COVID-19 pandemic
- introducing pre-loading advance cargo information at operations in non-EU countries
- deploying explosives detection equipment at EU airports
- clarifying, simplifying and strengthening specific aviation security measures.
6. Network code on cybersecurity
Comment: This initiative will help improve the resilience of the European electricity system and security of supply. It is based on the powers that the European Parliament and the Council conferred to the Commission in the Electricity Regulation to develop sector-specific rules (a ‘network code’) on the cybersecurity aspects of cross-border electricity flows, including rules on common minimum requirements, planning, monitoring, reporting and crisis management.
7. EU electricity supply – sector-specific rules on cybersecurity (network code)
Comment: This initiative will develop rules for the EU electricity sector (‘network code’) to address the cybersecurity aspects of cross-border electricity flows. This will help make the EU’s electricity system more resilient and secure.
It will establish rules on:
- cybersecurity risk assessment
- common minimum cybersecurity requirements
- planning, reporting & monitoring
- crisis management.
8. Information security – common rules for EU institutions, bodies and agencies
Comment: The Commission will prepare the revision of its Information Security Rules and aim at establishing the same rules for all EU institutions, bodies and agencies, similar to the EU Data Protection Regulation or the Financial Regulation. These rules will establish a common base line for information security and facilitate secure exchange of information by harmonizing information security rules and principles covering both classified information and non-classified information. Additionally, this will reduce the burden of developing and maintaining information security rules, which is disproportionate for small EU bodies and agencies. All aspects relating to cybersecurity will be addressed in close collaboration by DG DIGIT in the parallel strand on cybersecurity.
4.1. General objective
The general objective of the initiative is to create information security rules for all Union institutions and bodies with the aim of ensuring an enhanced and consistent protection against the evolving threats to their information. This initiative’s aim is to contribute to an efficient and independent European administration and to prevent major security incidents and leaks.
4.2. Specific objectives
The general objective is translated into four specific objectives, each of them corresponding to one of the problem areas identified in section 2.1 above:
- SO 1: Establish harmonised and comprehensive categories of information, as well as common handling requirements for all information handled by the European administration, and facilitate secure information exchange between the UIBs, while minimising the impact on Member States.
- SO 2: Ensure that all Union institutions and bodies identify any security gaps in their processes and implement the measures required to ensure a level playing field of information security.
- SO 3: Establish a lean cooperation scheme on information security between Union institutions and bodies able to foster a coherent information security culture across UIBs.
- SO 4: Modernise the information security policies at all levels of classification/categorization, for all UIBs, taking into account the digital transformation and the development of teleworking as a structural practice.
9. Short name: AI ACT.
Full name: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL LAYING DOWN HARMONISED RULES ON ARTIFICIAL INTELLIGENCE (ARTIFICIAL INTELLIGENCE ACT) AND AMENDING CERTAIN UNION LEGISLATIVE ACTS
Document name: 52021PC0206
Comment: It examines the legal aspects and regulations regarding the use of AI and its regulation in accordance with legal norms. There is a reference to the assessed categories of personal data and specifically that the AI used must be in line with this.
10. Cyber Resilience Act / 2022/0272 (COD)
Comment: Secure by design, secure by default, vulnerability management, version updates, patch management and more. Software-oriented, plus hardware (microchip) programming level.
11. Cybersecurity Act / REGULATION (EU) 2019/881
Comment: It enters into force on 28 June 2024 and will include the preparation of plans at European Union, National (State) level and where applicable at administrative/municipal level. There are basic criteria set.
12. NISv2 directive / 2020/0359 COM(2020) 823 Directive (EU) 2022/2555
Comment: It enters into force on 18 October 2024 and aims to achieve a high overall level of cyber security in the EU. In response to the growing threats posed by digitization and the surge in cyber-attacks, the Commission presents a proposal to amend the NIS Directive and thereby strengthen security requirements, address the security of supply chains, rationalize reporting obligations and introduce strict supervision measures and stricter enforcement requirements, including sanctions across a harmonized EU.
13. Data act / (COM(2022) 68)
Comment: The Commission is committed to ensuring fairness in how the benefits of data use are shared between businesses, users and responsible public authorities.
This initiative, known as the Data Act, aims to make data easier to access and use, including between businesses and between businesses and governments, and to revise the rules for legal protection of databases.
It strikes the right balance between data access rights and incentives to invest in data without changing current data protection rules.
14. Data governance act / COM(2020) 767 final
Comment: This explanatory memorandum accompanies the proposal for a regulation of the European Parliament and of the Council on data management. This is the first of a set of measures announced in the European Data Strategy 2020. The tool aims to promote the availability of data for use by increasing trust in data intermediaries and by strengthening data sharing mechanisms across the EU. The tool will handle the following situations:
- Provision of public sector data for re-use in situations where this data is subject to the rights of others.
- Sharing data between businesses against remuneration in any form.
- Allowing the use of personal data using a "personal data sharing broker" designed to help individuals exercise their rights under the General Data Protection Regulation (GDPR).
- Allowing data to be used on altruistic grounds.
- the provider takes measures to ensure a high level of security in the storage and transmission of non-personal data;
15. Digital services act / REGULATION (EU) 2022/2065
Comment: Safer digital space: Digital Services Act
The Digital Services Act will give people more control over what they see online: users will have better information over why specific content is recommended to them and will be able to choose an option that does not include profiling. Targeted advertising will be banned for minors and the use of sensitive data, such as sexual orientation, religion or ethnicity, won’t be allowed.
The new rules will also help protect users from harmful and illegal content. They will significantly improve the removal of illegal content, making sure it is done as fast as possible. It will also help tackle harmful content, which, like political or health-related disinformation, doesn’t have to be illegal, and introduce better rules for the protection of freedom of speech.
The Digital Services Act will also contain rules making sure that products sold online are safe and follow the highest standards set in the EU. Users will have better knowledge of the real sellers of products that they buy online.
16. Digital markets act / Regulation (EU) 2022/1925
Comment: Regulating big tech practices: Digital Markets Act
The purpose of the Digital Markets Act is to ensure a level playing field for all digital companies, regardless of their size. The regulation will lay down clear rules for big platforms - a list of “dos” and “don’ts” - which aim to stop them from imposing unfair conditions on businesses and consumers. Such practices include ranking services and products offered by the gatekeeper itself higher than similar services or products offered by third parties on the gatekeeper's platform or not giving users the possibility of uninstalling any preinstalled software or app.
Interoperability between messaging platforms will improve - users of small or big platforms will be able to exchange messages, send files or make video calls across messaging apps.
The rules should boost innovation, growth and competitiveness and will help smaller companies and start-ups compete with very large players.
17. ePrivacy regulation / COM/2017/010 final - 2017/03 (COD)
Comment: ePrivacy Regulation 2021 protects all electronic communications as private and confidential by default – in order to process, listen to, monitor or otherwise collect data about individuals' electronic communications inside the EU, end-users must first provide explicit and affirmative consent.
What are the differences between ePrivacy and GDPR? While GDPR only applies to the processing of personal data, ePrivacy regulates electronic communication even if it concerns non-personal data. Also, in the case of cookies, the ePrivacy Regulation generally takes precedence.
Contact our consultants if you need additional information regarding European Directives related to information security.