The European Parliament and Council have agreed to bolster threat response and recovery across the member states under the ‘Cyber Solidarity Act’.
Belgium (Brussels Morning Newspaper), The EU Parliament and Council have reached a provisional agreement on the ‘Cyber Solidarity Act’ to enhance cybersecurity capacities to tackle large-scale threats and incidents across Europe. The regulation aims to strengthen Europe’s cyber-resilience through cooperation mechanisms.
“Today’s agreements set new milestones for Europe’s cyber resilience. These rules will strengthen the EU’s and member states’ capabilities to prepare, prevent, respond, and recover from large-scale cyber threats or incidents. Moreover, creating the possibility for the certification of managed security services will help to ensure a high common level of these cybersecurity services across the EU by facilitating their cross-border provision to the benefit of our citizens and businesses,” Mathieu Michel, the Belgian Secretary of State, said in a press release.
Main Elements of ‘Cyber Solidarity Act’:
The EU’s regulation includes the establishment of a cyber security alert system, designed for the immediate sharing of information about large-scale cybersecurity incidents across the European region. The Cyber Solidarity Act (CSA), adopted in 2019, established the first cybersecurity certification framework for all the member states. This is a pan-European infrastructure composed of national and cross-border cyber hubs across the EU that aims to detect and act on cyber threats. This measure will consolidate the existing European framework, which will eventually help the relevant authorities and entities to respond more efficiently and effectively to major incidents.
This strategic planning aims to:
- support detection and awareness of significant or large-scale cybersecurity threats and incidents
- bolster preparedness and protect critical entities and essential services, such as hospitals and public utilities
- strengthen solidarity at EU level, concerted crisis management and response capabilities across member states
- contribute to ensuring a safe and secure digital landscape for citizens and businesses
The new regulation will also lead to the creation of a cybersecurity emergency mechanism for effective preparedness and incident response in the region, including testing entities in highly critical sectors such as healthcare, transport and energy. This is a new EU cybersecurity reserve consisting of incident response services from the private sector, ready to intervene at the request of a member state or EU institutions, bodies, and agencies, as well as associated third countries, in case of a significant or large-scale cybersecurity incident, along with mutual assistance in financial terms.
Similarly, to assess the effectiveness of the emergency mechanism, an evaluation and review mechanism will also be established to strengthen the competitive position of the industry and service sectors.
The targeted amendment to the Cybersecurity Act of 2019:
Alongside the Cyber Solidarity Pact, the European Union has also approved a targeted amendment to the Cybersecurity Act of 2019. The amendment aims to establish certification schemes for managed security services, with the intention of strengthening the EU’s cyber resilience. These services consist of incident handling, penetration testing, security audits, and consulting related to technical support. Certification will ultimately increase their quality and comparability, foster the emergence of trusted cybersecurity service providers, and avoid fragmentation of the internal market.
Following the provisional agreements, the two texts will have to be endorsed by the European Parliament and Council in the process of formal adoption. For approval, the Belgian presidency will submit the texts to the member states’ representatives. Once approved, the draft legislative acts will be submitted for a legal review before formal adoption.
Background:
The European Union has long been working on boosting its cybersecurity response and recovery. On 18 April 2023, the Commission adopted the proposal for a regulation laying down measures to strengthen solidarity and capacities in the EU for better detection of, preparedness for, and timely response to cybersecurity threats and incidents under the ‘Cyber Solidarity Act.’
There were multiple legislative proposals to initiate cybersecurity regulations. In December 2022, the EU cybersecurity strategy mentioned a cyber security shield to reinforce effective cyber threat detection and large-scale information sharing throughout Europe. Then, in March 2022, ministers of EU member states in charge of telecommunications met informally in Nevers and expressed the wish for the EU to fully prepare to face large-scale cyberattacks. Later, in May 2022, the EU addressed the gaps between response and preparedness to cyber-attacks. Now, following the Commission’s proposals, the EU Parliament and Council have finally reached consensus on the ‘Cyber Solidarity Pact.’