The European Union (EU) has recently agreed on new rules to enhance cyber incident response and recovery capabilities across member states, introducing what is being called the ‘cyber solidarity act.’ This provisional regulation aims to strengthen the EU’s resilience and ability to respond to cyber threats by implementing new cooperation mechanisms.

One of the key components of this new regulation is the establishment of an EU-wide cybersecurity alert system. This system is designed to facilitate the rapid sharing of information on cyber threats among member states, thereby enabling a coordinated response to potential cyber incidents. The system will be supported by national and cross-border cyber hubs, which will be responsible for detecting and addressing cyber threats, ultimately improving authorities’ ability to respond effectively to major cyber incidents.

Additionally, the cyber solidarity act lays the groundwork for the creation of a cybersecurity emergency mechanism. This mechanism will provide support for preparedness actions, including the testing of entities in critical sectors such as healthcare, transport, and energy. It will also enable mutual financial assistance for entities impacted by cyber incidents and establish a ‘cybersecurity reserve’ consisting of incident response services from the private sector. These services will be ready to intervene at the request of member states or EU institutions during large-scale cybersecurity incidents.

Furthermore, the new regulation includes an evaluation and review mechanism to assess the effectiveness of the cybersecurity measures implemented. This will ensure that the EU continuously evaluates and improves its cyber response capabilities to stay ahead of evolving cyber threats.

In addition to the cyber solidarity act, the EU Council and Parliament have also agreed on a targeted amendment to the 2019 Cybersecurity Act. This amendment aims to establish European certification schemes for managed security services, enhancing the quality and comparability of these service providers while avoiding market fragmentation. This move comes shortly after the adoption of the EU’s first Cybersecurity Certification scheme for digital products in January 2024, signifying the EU’s commitment to enhancing cybersecurity across various sectors.

Mathieu Michel, Belgian Secretary of State for digitisation, administrative simplification, privacy protection, and building regulation, expressed his optimism about the new agreements, stating that they mark significant milestones for Europe’s cyber resilience. These rules will strengthen the EU and member states’ capabilities to prepare for, prevent, respond to, and recover from large-scale cyber threats or incidents. Moreover, the certification of managed security services will help ensure a high common level of cybersecurity services across the EU, benefiting both citizens and businesses.

Following the provisional agreements, the texts will now be submitted to the Council and Parliament for formal adoption. The Council’s Belgian presidency will present the texts to the member states’ representatives for approval at the earliest opportunity. Once approved, the draft acts will undergo a legal and linguistic review before final adoption.

The EU’s focus on boosting cyber response capabilities is evident through various initiatives, such as the major supply chain cyber-attack simulation conducted in 2022. Additionally, the European Central Bank announced that over 100 European banks will undergo testing on their cyber-attack response and recovery capabilities in 2024, highlighting the region’s commitment to strengthening cybersecurity across critical sectors.

In conclusion, the EU’s recent agreements on cyber solidarity and certification schemes reflect a proactive approach to enhancing cyber resilience and response capabilities across member states. By implementing these new rules and mechanisms, the EU aims to effectively address cyber threats and mitigate the impact of potential cyber incidents, ultimately safeguarding the region’s digital infrastructure and ensuring the resilience of its cybersecurity measures.

Source link