New EU regulation to strengthen cybersecurity

Since the beginning of 2024, the European Union has implemented new rules regarding cybersecurity, with the primary aim of increasing the resilience and cyber security of its institutions and organizations. Johannes Hahn emphasized the importance of this step in view of the growing cunning of cyber attacks, calling for the urgency of adapting to the stringent cybersecurity standards applied to Member States, as defined in the Nis 2 directive.

The establishment of the IICB for cybersecurity monitoring

The fulcrum of the new legislation is the creation of the IICB (Inter-Institutional Cybersecurity Board) which would act as a bulwark for monitoring and support in the implementation of the new imposed directives. The IICB will be tasked with strategically steering Cert-EU, within its renewed and expanded mandate, and providing ongoing guidance to EU entities to ensure compliance with the new rules.

Expanded mandate for Cert-Eu

Another salient aspect of the regulation is the extension of the mandate of the Cert-EU (Computer Emergency Response Team), which is transformed into a more comprehensive body, with new responsibilities as an intelligence, information sharing and coordination center with respect to processing of cyber incidents. The Cert-Eu, renamed as the IT Security Service, will take on a crucial role in advising and supporting the institutions of the European Union.

Implementation and future actions

The EU institutions are called to follow an action plan that aims to establish internal governance for cybersecurity, implementing the new regulations step-by-step. The IICB will be operationalized as soon as possible to monitor cybersecurity activities and policies adopted by EU entities, and to ensure consistent and effective application of the newly introduced rules.