On September 15, 2022, the European Commission presented its proposal for a Regulation on horizontal cybersecurity requirements for products with digital elements.
Continue Reading European Commission Publishes Proposal for Cyber Resilience Act
ENISA
EU Parliament Approves the Proposal for Cybersecurity Act
On March 12, 2019, the European Parliament approved the proposal for “Regulation of the European Parliament and of the Council on ENISA,” repealing Regulation (EU) No 526/2013 and an information and communications technology cybersecurity certification.
Continue Reading EU Parliament Approves the Proposal for Cybersecurity Act
Agreement on Proposal for Cybersecurity Act
The European Commission, the European Parliament have reached a proposed agreement with the Council of the European Union regarding changes to the EU’s Cybersecurity Act.
Continue Reading Agreement on Proposal for Cybersecurity Act
European Member States and ENISA Issue SOPs to Manage Multinational Cyber Crises
On February 5, 2014, the EU Member States, European Free Trade Association and the European Network and Information Security Agency issued Standard Operational Procedures to provide guidance on how to manage cyber incidents that could escalate to a cyber crisis.
Continue Reading European Member States and ENISA Issue SOPs to Manage Multinational Cyber Crises
European Commission Launches Cybersecurity Strategy and Draft Directive on Network and Information Security
On February 7, 2013, the European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, launched their cybersecurity strategy for the European Union, which included a draft directive on measures to ensure a common level of network and information security across the EU.
Continue Reading European Commission Launches Cybersecurity Strategy and Draft Directive on Network and Information Security
New EU Guidelines on RFID Technology to Address Data Protection Concerns
On April 6, 2011, the European Commission (“the Commission”) signed a voluntary agreement with private and public stakeholders to establish data protection guidelines for companies that use radio frequency identification device (“RFID”) technology within Europe.
The agreement, entitled “Privacy and Data Protection Impact Assessment Framework for RFID Applications” (the “Framework”) requires companies to conduct privacy impact assessments for all RFID applications they implement and to take measures to address identified data protection risks before those applications are deployed in the market. Reports of the completed privacy impact assessments must be made available to the national data protection authorities. The Framework, which was designed in close cooperation with the European Network and Information Security Agency after consultation with the Article 29 Working Party, provides the first clear, comprehensive methodology that can be applied across all industry sectors to assess and mitigate RFID-related privacy risks. It is intended both to assure companies that their use of RFID technology is compatible with European data protection legislation, and to enhance privacy protections for European citizens and consumers.Continue Reading New EU Guidelines on RFID Technology to Address Data Protection Concerns
European Network and Information Security Agency Publishes Report on Cookies
On February 18, 2011, the European Network and Information Security Agency published a report addressing security and privacy concerns associated with the use of cookies.
…
Continue Reading European Network and Information Security Agency Publishes Report on Cookies
European Network and Information Security Agency Publishes Report on Data Breach Notification in the EU
On January 14, 2011, the European Network and Information Security Agency published a report compiling input on EU breach notification procedures provided by regulatory authorities, telecommunication service providers and legal and industry experts.
…
Continue Reading European Network and Information Security Agency Publishes Report on Data Breach Notification in the EU