Press Release

New Regulation for EU cybersecurity agency ENISA, with new duties

European Union (EU) cybersecurity agency, ENISA has today (18th June) received a new Regulation, granting it a seven year mandate with an expanded set of duties.

Published on June 18, 2013

The Regulation is published in today’s Official Journal of the European Union, and comes into force tomorrow (19th June 2013).[i]

ENISA’s Executive Director, Professor Udo Helmbrecht, said: “The new Regulation is great news for ENISA and for cybersecurity in Europe. It means that ENISA now has the scope and authority to make an even bigger difference in protecting Europe’s cyberspace. We will be working more closely with Member States and putting an increased focus on cybercrime, working with Europol. 

“To reach this very positive conclusion, we have had a great deal of support, from Member States, European Parliamentarians, the European Council, the Commission and individual Commissioners. In particular, the support of MEPs Giles Chichester and Christian Ehler, and Commission Vice-President, Neelie Kroes was essential.  Our ENISA staff, Management Board, Permanent Stakeholders Group and National Liaison Officers have also supported us throughout the process. I thank them all. We are now working to secure the resources we need to deliver on the important security tasks that Europe’s citizens have entrusted to us.”

The new Regulation enshrines ENISA’s achievements in areas such as Computer Emergency Response Teams (CERTs) in Member States, and its world-class cybersecurity exercises, such as Cyber Europe 2012, with 600 participants from across Europe.

Other key points of the new Regulation include:

  • Providing ENISA with a strong interface with the fight against cybercrime - focusing on prevention and detection - with Europol’s European Cybercrime Centre (EC3)
  • ENISA supporting the development of EU cybersecurity policy and legislation
  • The Agency supporting research, development and standardisation, with EU standards for risk management and the security of electronic products, networks and services
  • ENISA supporting the prevention and detection of, and response to cross-border
  • Aligning ENISA more closely to the EU Regulatory process, providing EU countries and Institutions with assistance and advice

The Regulation also confirms that the Agency’s seat (its headquarters), will remain in Heraklion, on Crete, with an operational office in Athens.

The EU’s Cybersecurity Strategy, and Directive, published in February, also foresee a key role for ENISA in protecting Europe’s cyberspace.

Note:[i] The ENISA Regulation was approved by the Council of the European Union on 14th May 2013, following it being passed by the European Parliament on 15th April, with an overwhelming majority: 626 votes in favour, of the 687 votes cast, with 45 against and 16 abstentions.  The Regulation was signed by the European Parliament and Council of the European Union on 21st May 2013.


ENISA was established in 2004, under Regulation (EC) No 460/2004, with a five year mandate. This mandate was subsequently extended, in 2008 and 2011, to allow time for the new Regulation to be developed.   


Background information:

To see the new ENISA Regulation in full, go to: Regulation (EU) No 526/2013


For further information and to arrange interviews, contact: Graeme Cooper, Head of Public Affairs/Spokesman, on: Office: (+30) 2814 409571 or Mobile: (+30) 6951 782268, e-mail: [email protected]


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies