On June 8, 2018, a political agreement was reached in the European Union (“EU”) that paves the way to an EU framework that would set up certification schemes to apply to a range of online services and connected consumer devices, as well as the transformation of the mandate of the European Union Agency for Network and Information and Security (“ENISA”), to be renamed as the EU’s Cyber Security Agency (the “Agency”). Negotiations will now start with the European Parliament; the EU Cybersecurity Act could be finalized as early as the end of 2018.
With the recent implementation deadline passing for the Network and Information Security (“NIS”) Directive and a reinforced focus on security measures in the General Data Protection Regulation, cybersecurity is high on the EU political agenda.