EU Council Enhances Cybersecurity Framework

Brussels (Eurotoday) – The European Council approved new laws to boost cybersecurity capacities in the European Union.

In order to amplify the EU’s solidarity and capacities to detect, be ready for and respond to cybersecurity threats and incidents, today on 2 Dec 2024 the European Council adopted two new laws as part of the cyber security legislative ‘package’, namely the so-called ‘cyber solidarity act’, and a targeted amendment to the cybersecurity act (CSA). 

What are the main elements of the cyber solidarity act?

According to the European Council, the new law blank” rel=”noopener”>sets EU capabilities to make Europe more resilient in front of cyber threats while bolstering cooperation mechanisms. It sets inter alia a ‘cyber security alert system’, a pan-European infrastructure comprised of national and cross-border cyber hubs across the EU. These are subjects in control of sharing information and charged with detecting and operating on cyber threats. 

The cyber hubs will utilise state-of-the-art technology, such as artificial intelligence (AI) and advanced data analytics, to catch and share timely cautions on cyber threats and incidents across borders. They will support the existing European framework and, in turn, management and relevant entities will be able to react more efficiently and effectively to cybersecurity happenings.

Ultimately, the new law establishes an incident assessment instrument to assess, amongst others, the significance of the actions under the cyber emergency mechanism and the usage of the cyber security reserve, as well as the assistance of this regulation to boost the competitive position of the industry and service sectors.

What are the targeted amendments to the Cybersecurity Act of 2019?

EU Council states that this targeted amendment seeks to enhance the EU’s cyber resilience by allowing the future adoption of European certification plans for the so-called ‘managed security services’. The new law also acknowledges the increasing importance of managed security services in the precluding, detection, response, and recovery of cybersecurity incidents. These services can consist of, for example, incident handling, penetration testing, security audits, and consulting connected to technical support.