New ENISA Report on Regulatory and Non-regulatory Approaches to Information Sharing


ENISA publishes its report on “Cyber Security Information Sharing: An Overview of Regulatory and Non-regulatory Approaches”.

ENISA identified three types of approaches to sharing information on cyber security incidents:
1) Traditional regulation
2) Alternative forms of regulation, such as self- and co-regulation
3) Other approaches to enable information sharing, such as information and education schemes

Some key findings are:

  • The prevalence of traditional regulation, alternative forms of regulation (such as self- and co-regulation) and other approaches to enable information sharing on cyber incidents varies from country to country
  • Alternative types of regulatory initiatives (co- and self-regulation) are frequently used in the field of information sharing on cyber incidents
  • Different regulatory and non-regulatory approaches bring different challenges with them
  • Trust is a key element for the success of information sharing on cyber incidents
  • National and governmental CSIRTs play an important role in the field

 
Background
The study aims to present the regulatory and non-regulatory approaches of EU Member States as well as EEA and EFTA countries to sharing information on cyber incidents, the different sector regulation challenges of managing cyber security issues, and their key practices in addressing them. The primary target audience of this report is policy and law makers at EU and Member State level, the CSIRT community (in particular national and governmental CSIRTs), the law enforcement community and other operational communities.

Full report available here: Cyber Security Information Sharing: An Overview of Regulatory and Non-regulatory Approaches

For interviews and press enquiries please contact press@enisa.europa.eu, Tel. +30 2814 409576