A new certification framework for connected devices and a stronger role for the EU Cybersecurity Agency were backed on July 10 by the European Parliament’s Industry Committee.
The EU cybersecurity scheme will certify that an ICT product, process or service has no known vulnerabilities at the time of the certification’s release and that it complies with international standards and technical specifications.
“Today’s vote is a very important step towards a long-term vision of cybersecurity in the EU for two reasons,” said Rapporteur Angelika Niebler (EPP, DE). “Firstly, from the perspective of consumers, it is important that users have trust and confidence in IT solutions. Secondly, I strongly believe that Europe can become a leading player in cybersecurity. We have a strong industrial base and it is vital to continue working on improving cybersecurity for consumer goods, industrial applications and critical infrastructure.”
According to a European Parliament press release, the certification will be voluntary and, where appropriate, mandatory and will prove confidentiality, integrity, availability and privacy of services, functions and data.
Also, services, functions and data can be accessed and used only by authorised persons, systems or programmes.
What is more, the new draft rules will give a larger budget, more staff and a permanent mandate to the existing European Agency for Network and Information Security (ENISA), with its headquarters in Greece.
ENISA will also become the reference point on the cybersecurity certification scheme, in order to avoid fragmentation of certification schemes in the EU.