Guideline on Security Measures under the EECC

Back to all publications

Download

Publication date:July 7, 2021

This document, the Technical Guideline for Security Measures, provides guidance to competent authorities about the technical details of implementing Articles 40 and 41 of the EECC: how to ensure that providers assess risks and take appropriate security measures. The guideline lists 29 high-level security objectives, which are grouped in 8 security domains. For each security objective we list specific detailed security measures which could be taken by providers to reach the security objective. These security measures are grouped in 3 levels of increasing sophistication. We also give examples of evidence, which could be taken into account by an auditor, for example, when assessing if these security measures are actually in place.

This report is accompanied by a Supplement on 5G, accessible from the link below:

5G Supplement

Search related content with: Cybersecurity NIS Directive EECC (European Electronic Communications Code EECC) telecom

Publication details

Related content

ENISA NIS Investments 2025 cover featuring the main sectors icons

NIS Investments 2025

The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy
translates in practice across organisations in the EU and its effects on their investments, resources, and operations.

ENISA report cover: "Telecom Security Incidents 2024", published July 2025, with cybersecurity-themed imagery.

Telecom Security Incidents 2024

The 2024 annual summary contains reports of 188 incidents submitted by national authorities from 26 EU Member States and 2 European Free

Trust Services Security Incidents 2024, annual report cover depicting a handshake and icons relevant to trust services

Annual Report - Trust Services Security Incidents 2024

Every year national supervisory bodies must send annual summary reports about the notified breaches to ENISA and the Commissio

The EU Cybersecurity Index 2024 cover

The EU Cybersecurity Index 2024

The EU Cybersecurity Index (EU-CSI) is a tool, developed by ENISA in collaboration with the Member States, to describe the cybersecurity posture of Member States and the EU. 

BROWSE ALL PUBLICATIONS

2nd ENISA Cybersecurity Policy Conference

2024 Apr 17

EU Cybersecurity Policy Conference

2023 Jan 26

EU ISACS Summit 2024

2024 Oct 17

BROWSE ALL EVENTS

What’s Driving Cybersecurity Investments and where lie the challenges?

Press Release

The 6th edition of the NIS Investments report reveals investments shifting from people to technology, talent shortages deepening, compliance and NIS2 driving action but implementation posing a challenge.

ENISA NIS360 2024 report: A comprehensive look at cybersecurity maturity and criticality of NIS2 sectors

Press Release

The European Union Agency for Cybersecurity’s first NIS360 report identifies areas for improvement and tracking of progress across NIS2 Directive sectors.

EU’s first ever report on the state of cybersecurity in the Union

Press Release

In accordance with Article 18 of the NIS 2 Directive, ENISA was tasked to prepare a biennial report on the state of cybersecurity in the Union. 

Navigating cybersecurity investments in the time of NIS 2

Press Release

The latest report of the European Union Agency for Cybersecurity (ENISA) aims to support policy makers in assessing the impact of the current EU cybersecurity framework, and particularly the NIS 2 Directive, on cybersecurity investments and the overall

BROWSE ALL NEWS