Commission welcomes political agreement on new rules to boost cybersecurity in EU institutions, bodies, offices and agencies


The Commission welcomes the political agreement reached between the European Parliament and the Council of the EU on the Regulation proposed by the Commission laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union. Negotiations have now concluded, paving the way for final approval of the legal text by the European Parliament and the Council.

The Commission announced the proposal for the Cybersecurity Regulation in March 2022. This Regulation will put in place a framework for governance, risk management and control across EU entities in cybersecurity, with a new inter-institutional Cybersecurity Board to monitor its implementation. It will also extend the mandate of the Computer Emergency Response Team for the EU institutions, bodies, offices and agencies (CERT-EU), as a threat intelligence, information exchange and incident response coordination hub, a central advisory body, and a service provider. CERT-EU will be renamed to ‘Cybersecurity Service for the Union institutions, bodies, offices and agencies’ to reflect its new mandate while keeping the short name CERT-EU for recognition purposes.

The key elements of the proposal for all EU institutions, bodies, offices and agencies are the following:

  • Have a framework for governance, risk management and control in the area of cybersecurity;
  • Conduct regular maturity assessments;
  • Implement cybersecurity measures addressing the identified risks;
  • Put in place a plan for improving their cybersecurity;
  • Share incident-related information with CERT-EU without undue delay.

Next Steps

Once the text is finalised, the European Parliament and the Council will have to formally adopt the new Regulation before it can enter into force. Union entities will then be required to comply with the obligations and meet the deadlines specified in the text. This will contribute to ensuring higher levels of cybersecurity in the EU administration and be better prepared to face future challenges.


In its resolution from March 2021, the Council of the European Union stressed the importance of a robust and consistent security framework to protect all EU personnel, data, communication networks, information systems and decision-making processes. This can only be achieved through enhanced resilience and improved security culture of the EU institutions, bodies, offices and agencies.

Following the EU Security Union Strategy and the EU Cybersecurity Strategy, the Cybersecurity Regulation will ensure consistency with existing EU cybersecurity policies, in full alignment with current European legislation:

Article Source

About the Mediterranean Observer

The Mediterranean Observer is a news portal dedicated to travel tourism, and hospitality in the Mediterranean region. This portal is managed by the Mediterranean Tourism Foundation, based in the Mediterranean country of Malta.