Publications

Featured publications

ENISA Threat Landscape 2025

September 30, 2025 Download

Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025. At its core, this report provides an…

NIS2 Technical Implementation Guidance

June 25, 2025 Download

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…

ENISA NIS360 2024

March 04, 2025 Download

The NIS360 is a new ENISA product that assesses the maturity and criticality of sectors of high criticality under the NIS2 Directive, providing both a comparative overview and a more in-depth analysis of each sector. The NIS360 is designed to…

All publications

(-) Certification and Standards

Managed Security Services Analysis cover featuring an illistration of a woman working on different screens with statistics

Managed Security Services Market Analysis

24 June, 2025

This report addresses the market for Managed Security Services (MSS) on both the demand and the supply side. It addresses MSS usage patterns, compliance and skills certification, threats, requirements, incidents and challenges…

Cyber_Resilience_Act_Requirements_Standards_Mapping.png

Cyber Resilience Act Requirements Standards Mapping - Joint Research Centre & ENISA Joint Analysis

4 April, 2024

To facilitate adoption of the CRA provisions, these requirements need to be translated into the form of harmonised standards, with which manufacturers can comply. In support of the standardisation effort, this study attempt to identify the most…

Cybersecurity of AI and Standardisation

14 March, 2023

The overall objective of the present document is to provide an overview of standards (existing, being drafted, under consideration and planned) related to the cybersecurity of artificial intelligence (AI), assess their coverage and identify gaps in…

5G Cybersecurity Standards

16 March, 2022

This report outlines the contribution of standardisation to the mitigation of technical risks, and therefore to trust and resilience, in the 5G ecosystem. This report focuses on standardisation from a technical and organisational perspective.

Methodology for Sectoral Cybersecurity Assessments

13 September, 2021

The methodology for sectoral cybersecurity assessments described in this document (called SCSA Methodology) addresses objectives in the context of ICT security for sectoral multi-stakeholder systems and drafting sectoral cybersecurity certification…

Cybersecurity Certification: Candidate EUCC Scheme V1.1.1

25 May, 2021

Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor to…

Cybersecurity Certification: Candidate EUCC Scheme

2 July, 2020

Advancing Software Security in the EU

15 April, 2020

This study discusses some key elements of software security and provides a concise overview of the most relevant existing approaches and standards while identifying shortcomings associated with the secure software development landscape, related to…

Overview of standards related to eIDAS

18 December, 2019

The scope of this document is to assess the suitability of the recently published ENs to fulfil the eIDAS Regulation requirements, and to describe the differences with the previous TSs, in view of a possible update of the list of standards…

Good Practice Guide for Addressing Network and Information Security Aspects of Cybercrime

28 November, 2012

In 2010 ENISA started its support for operational collaboration between the Computer Emergency Response Teams (CERTs) in the Member States on the one hand and Law Enforcing Agencies (LEA) on the other hand. Various activities have since been…