Obligations on service providers
Since 2009, the EU legislation (Article 13a in the Framework Directive of the Telecom Reform) asks EU countries to ensure that the electronic communications service providers are taking the right steps to protect the networks and services from incidents. Article 13a also obliges providers to report significant outages to government authorities, and in turn, asks government authorities to share these reports with the European Commission and ENISA.
In 2010, ENISA set up an expert group of experts from EU Member States (from regulators and ministries) to discuss and agree on how to implement Article 13a. The discussions focus, for example, on how to collect incident reports, and how to supervise that providers take appropriate security measures. In these meetings experts also discuss how to mitigate incidents and impact from incidents; for example by discussing frequent root causes, such as storms, human errors or malicious actions.
To highlight the importance of incident reporting and to explain how the Article 13a Expert Group works, we have made a 5 minute video, containing interviews with ENISA experts and some of the key stakeholders. Go and check it out at:
The work on Article 13a is especially important as a pilot for security legislation in other sectors. One of the pillars of the EU’s cyber security strategy is to extend Article 13a to cover also other sectors.
More information about the Article 13a expert group can be found at: https://resilience.enisa.europa.eu/article-13 Every year ENISA also publishes an annual report about the impact and causes of major outages in the electronic communications sector. They can be found at: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/annual-reports
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!