Regulation (EU, Euratom) 2023/2841 laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union

Author (Corporate) ,
Series Title
Series Details 2023/2841
Publication Date 18/12/2023
Content Type , , ,

Summary:

Regulation (EU, Euratom) 2023/2841 - adopted by the co-legislators on 13 December 2023 - laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the European Union (EU).

Further information:

This proposal establishes a framework for ensuring common cybersecurity rules and measures among the EU institutions, bodies and agencies. It aims at further improving all entities’ resilience and incident response capacities. It modernises the existing CERT-EU legal framework and takes account of the changed and increased digitisation of the institutions, bodies and agencies over the years as well as the evolving cybersecurity threat landscape. It renames CERT-EU from Computer Emergency Response Team  to Cybersecurity Centre for the Union institutions, bodies and agencies, in line with similar developments in the Member States and globally, but it retains the acronym.

The draft law was adopted by the European Commission on 22 March 2022, and it built on the EU Security Union Strategy and the EU's Cybersecurity Strategy for the Digital Decade. The Council of the European Union adopted its general approach on 18 November. The plenary of the European Parliament endorsed a negotiating position on 15 March 2023. An informal agreement between the co-legislators on a compromise text for this file was reached on 26 June. This was formally endorsed by the Parliament on 22 November and by the Council on 8 December. The Act was signed by the co-legislators on 13 December 2023 and published in the Official Journal on 18 December 2023.

This Cybersecurity Regulation entered into force on 7 January 2024.
Source Link Link to Main Source http://data.europa.eu/eli/reg/2023/2841/oj
Related Links
Official
EUR-LEX: COM (2022)122: Proposal for a Regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=COM:2022:122:FIN
EUR-LEX: SWD(2022)67: Staff Working Document accompanying the Proposal - Impact Analysis https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=SWD:2022:67:FIN
EUR-LEX: SWD(2022)68: Staff Working Document accompanying the Proposal - Executive Summary of the Impact Analysis https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=SWD:2022:68:FIN
European Parliament: Legislative Observatory: Procedure File for Proposal on High common level of cybersecurity at the institutions, bodies, offices and agencies of the Union (2022/0085(COD)) https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2022/0085(COD)
European Parliament: Legislative Train Schedule: Proposal for a regulation laying down measures on cybersecurity at the institutions, bodies, offices and agencies of the Union https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-proposal-for-cybersecurity-regulation
European Commission: Publications: Proposal for Cybersecurity Regulation https://ec.europa.eu/info/publications/proposal-cybersecurity-regulation_en
European Commission: DG Communications Networks, Content and Technology: Cybersecurity Policies https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-policies
European Commission: Press Release, 22/03/2022: New rules to boost cybersecurity and information security in EU institutions, bodies, offices and agencies https://ec.europa.eu/commission/presscorner/detail/en/ip_22_1866
Council of the European Union: Press Release, 18/11/2022: Cybersecurity at the EU institutions, bodies, offices and agencies: Council adopts its position on common rules https://www.consilium.europa.eu/en/press/press-releases/2022/11/18/cybersecurity-at-the-eu-institutions-bodies-offices-and-agencies-council-adopts-its-position-on-common-rules/
European Commission: Press Release, 26/06/2023: Commission welcomes political agreement on new rules to boost cybersecurity in EU institutions, bodies, offices and agencies https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3483
Council of the European Union: Press Release, 26/06/2023: Cybersecurity at the EU institutions, bodies, offices and agencies: Council and Parliament reach provisional agreement https://www.consilium.europa.eu/en/press/press-releases/2023/06/26/cybersecurity-at-the-eu-institutions-bodies-offices-and-agencies-council-and-parliament-reach-provisional-agreement/
European Commission: Press Release, 07/01/2024: New rules to boost cybersecurity of the EU institutions enter into force https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6782
News
Reuters, 22/03/2022: EU proposes cybersecurity rules for EU bodies amid cyberattack worries https://www.reuters.com/technology/eu-proposes-cybersecurity-rules-eu-bodies-amid-cyberattack-worries-2022-03-22/
EurActiv, 09/03/2023: European Parliament agrees cybersecurity requirements for EU bodies https://www.euractiv.com/section/cybersecurity/news/european-parliament-agrees-cybersecurity-requirements-for-eu-bodies/
Commentary and Analysis
eucrim: News, 26/04/2022: Commission Proposes New Regulations to Improve Cybersecurity and Information Security of EU Administration https://eucrim.eu/news/commission-proposes-new-regulations-to-improve-cybersecurity-and-information-security-of-eu-administration/
EUObserver: Opinion, 24/06/2022: How to enhance EU cybersecurity https://euobserver.com/opinion/155266
European Parliamentary Research Service (EPRS): Briefing, 05/10/2023: High common level of cybersecurity at the institutions, bodies, offices and agencies of the Union https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2022)733625
Subject Categories
Subject Tags
International Organisations