Cyber Security Practitioner
Back to Contents

Volume: 4 Issue: 1
(January 2018)

uk dcms consults ecs proposed enis reforms uks department digital culture media sport (‘dcms launched consultation 20

UK Europe EU China Russia US

Share This Page

The UK DCMS consults on the EC’s proposed ENISA reforms

The UK’s Department for Digital, Culture, Media & Sport (‘DCMS’) launched a consultation on 20 December 2017 seeking views on the European Commission’s (‘EC’) proposed Regulation on ENISA (‘the European Union Agency for Network and Information Security’), the ‘EU Cybersecurity Agency,’ and repealing Regulation (EU) 526/2013, and on Information Communication Technology cyber security certification (the ‘Regulation’). The Regulation would see ENISA granted a permanent mandate under the role of ‘EU agency for cybersecurity,’ giving it what the DCMS calls “a stronger and more central role […] as the central coordination point with all relevant bodies.”

The aspects of the proposed Regulation the DCMS is seeking views on include the EC’s proposal to make moderate revisions to the organisation and governance of ENISA to give greater consideration to the needs of wider stakeholders, and setting out a framework to govern the voluntary European cyber security certification schemes in order to address fragmentation in the certification landscape. The DCMS also notes that the proposed Regulation does not aim to introduce directly operational schemes but rather to create a system which will allow schemes to be established and recognised across the EU.

“The key takeaways of the Regulation are the attempt to harmonise cyber security and certification across the EU and to assert ENISA as the expert body at the epicentre,” comments Dan Hyde, Partner at Penningtons Manches. “Rather like the GDPR, it is an attempt to impose and harmonise cross-border regulation, but here, significantly, the governance comes from a lead body within Europe. The aims are understandable and laudable, but can ENISA, an Athens/Heraklion-based organisation, take the lead? Does it have the credibility or expertise to surpass all others? To date, no…it hasn’t performed these functions across such a vast regulatory landscape before.”

“One of the most significant takeaways is the voluntary cyber security certification scheme for ICT products,” states Emma Wright, Partner at Kemp Little. “For those within the Single Market this will be welcomed - separate national cyber security requirements will always restrict the free movement of goods unless they are harmonised.”

The DCMS also invites views on the possible impact the proposed Regulation may have in light of Brexit. “Britain maintains that the sharing of intelligence remains of paramount importance,” comments Wright. “While it is likely that intelligence will be shared, the UK is unlikely to have any role is shaping ENISA’s policy or focus, which it may have been able to do if it remained in the EU.”

“To date ENISA has not embarked upon or been responsible for such a vast piece of Europe-wide cyber security regulation or certification,” concludes Hyde. “It is rather like betting on a horse that has never raced the course. I also predict that, as with the GDPR, there will be a divergence of cyber security philosophy between nation states such that China, Russia and the US are inevitably out of step with whatever the resulting EU-wide cyber security and certification measures are. The proposed reforms to ENISA have to be turned from words and writing to deeds, and because the arena of cyber security is possibly the most important of recent times, I think there will be understandable concern in the UK that this will be EU/ENISA led. And I haven’t even got onto the issue of ENISA’s funding.”

Search Publication Archives

Our publication archives contain all of our articles.
Can’t find what you are looking for?
Try an Advanced Search

Log in to cyber security practitioner
Subscribe to cyber security practitioner
Register for a Free Trial to cyber security practitioner
cyber security practitioner Pricing

Social Media

Follow cyber security practitioner on TwitterView cyber security practitioner LinkedIn Profilecyber security practitioner RSS Feed