Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Government

New EU Regulation Establishes European ‘Cybersecurity Shield’

The European Union has adopted new legislation to establish a cybersecurity shield and ensure adequate security standards for managed security services.

EU and European cyber policy

The Council of the European Union on Monday announced the adoption of two new laws meant to improve the overall cybersecurity across the EU.

The two new laws in the cybersecurity package establish a cybersecurity shield that calls for member states to cooperate in detecting and responding to cyberattacks, and amend the EU’s Cybersecurity Act (CSA) of 2019 to ensure adequate security standards for managed security services.

The first legislative act (PDF) establishes a European Cybersecurity Alert System, a pan-European network of cyberhubs that creates “coordinated detection and situational awareness capabilities, reinforcing the Union’s threat detection and information-sharing capabilities”.

The alert system’s infrastructure will include cross-border cyber hubs that will group together national cyber hubs meant to coordinate cyber threat detection and action activities with other member states.

“The cyber hubs will use state-of-the-art technology, such as artificial intelligence (AI) and advanced data analytics, to detect and share timely warnings on cyber threats and incidents across borders. They will strengthen the existing European framework and, in turn, authorities and relevant entities will be able to respond more efficiently and effectively to cybersecurity incidents,” the European Council said.

The new regulation also establishes a Cybersecurity Emergency Mechanism to support member states in preparing for, detecting, and recovering from major cybersecurity attacks, and a European Cybersecurity Incident Review Mechanism to review and assess major attacks.

The mechanism will support preparedness actions, including testing for potential vulnerabilities; a new EU cybersecurity reserve that will include private incident response services that will intervene at the request of member states; and technical mutual assistance.

The second law (PDF) amends the Union’s cyber resilience through the adoption of certification schemes for managed security services, which play an essential role in preventing, detecting, responding to, and recovering from cyberattacks.

Advertisement. Scroll to continue reading.

“These services can consist of, for example, incident handling, penetration testing, security audits, and consulting related to technical support,” the Council said.

By amending the CSA, the council aims to increase the quality of managed security services, foster the emergence of trusted providers, and prevent market fragmentation in the context of some member states developing their own national certification schemes.

With the presidents of the Council and the European Parliament having signed them, the two laws are expected to be published in the EU’s official journal and will be enforced 20 days after their publication.

Related: Canada Orders TikTok’s Canadian Business to Be Dissolved but Won’t Block App

Related: House Will Try Again on Reauthorization of US Spy Program After Republican Upheaval

Related: Looking at Security Challenges Through the Lens of Different Roles

Related: European Legislation and the American Tech Industry

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.