The two regulations proposed by the European Commission on 22 March 2022 aim to strengthen the “cyber shield” that the European Union wants to create by strengthening the resilience and reaction capabilities of the institutions in the face of cyber threats, and by facilitating the secure exchange of information between the institutions and the Member States.
“The regulations we are proposing today are a milestone in the EU cybersecurity and information security landscape. They are based on reinforced cooperation and mutual support among EU institutions, bodies, offices and agencies and on a coordinated preparedness and response,” said Johannes Hahn, Commissioner for Budget and Administration.
The first regulation aims to put in place “a framework for governance, risk management and control in the cybersecurity area.” In particular, it strengthens the mandate of the CERT-EU, which is given the tasks of a central advisory body and a cyber intelligence platform. It will have to work closely with the Joint Cyber Unit, which will be operational by 30 June 2023.
The regulation also seeks to impose new cyber rules on all organisations in the European Union through a framework for governance, risk management and control in the cybersecurity area.
The second regulation aims to establish “a minimum set of information security rules and standards for all EU institutions, bodies, offices and agencies.” Its objective is to ensure the protection of information and to promote its secure exchange through standardised practices.