On September 13, 2018, institutions in the European Union (EU) started negotiations to reach a final agreement on the EU Cybersecurity Act (Act). When adopted, the Act will create EU cybersecurity certification schemes for ICT products (i.e., hardware and software elements of network and information systems); services (i.e., services involved in transmitting, storing, retrieving or processing information via network and information systems); and processes (i.e., sets of activities performed to design, develop, deliver and maintain ICT products or services).

The Act should also provide the European Union Agency for Network and Information Security (ENISA) with a permanent mandate and new tasks to support member states, EU institutions and other stakeholders on cyber issues. (For more details on the Act, please see our Legal Update published in June 2018.)

Continue reading.