Publications

Featured publications

ENISA Threat Landscape 2025

Download

Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025. At its core, this report provides an…

NIS Investments 2025

Download

The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy translates in practice across organisations in the EU and its effects on their investments, resources, and operations.

NIS2 Technical Implementation Guidance

Download

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…

All publications

By topics

By type

Publish Date

Security Framework for Trust Service Providers

This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSP on: 1) Risk management related to the security of the eIDAS…
Private Sector

Recommendations for Qualified Trust Service Providers based on Standards

This document provides recommendations to help qualified trust service providers and auditors understand the expected mapping between these requirements/obligations and reference numbers of standards, as well as practical recommendations for their…
Private Sector

EU Cybersecurity Initiatives in the Finance Sector

The finance sector is a heavily regulated sector, and cybersecurity provisions are already included in multiple EU policies and legislations (e.g. PSD 2 , MIFID II ). EU institutions, agencies, bodies, regulators and other groups of stakeholders run…
Private Sector
security in 5g specifications

Security in 5G Specifications - Controls in 3GPP

The objective of this report is to help MS implementing the technical measure TM02 from the EU toolbox on 5G security. The report is also intended to help national competent and regulatory authorities get a better picture of the standardisation…
National / EU authorities

Cybersecurity Challenges in the Uptake of Artificial Intelligence in Autonomous Driving

This report, drafted jointly by ENISA and JRC, aims to provide insights on the cybersecurity challenges specifically connected to the uptake of AI techniques in autonomous vehicles. It describes the policy context at both the European and…
Private Sector

Crypto Assets: Introduction to Digital Currencies and Distributed Ledger Technologies

This report aims to increase the understanding of blockchain technologies. It aims to explain the underlying technical concepts and how they relate to each other. The goal is to explain the components, and illustrate their use by pointing to…
Private Sector

Data Pseudonymisation: Advanced Techniques and Use Cases

This report, building on the basic pseudonymisation techniques, examines advanced solutions for more complex scenarios that can be based on asymmetric encryption, ring signatures and group pseudonyms, chaining mode, pseudonyms based on multiple…
Private Sector

2020 Report on CSIRT-LE Cooperation: study of roles and synergies among selected countries

The purpose of this report is to further explore and support the cooperation between computer security incident response teams (CSIRTs), in particular national and governmental (n/g) CSIRTs, and law enforcement agencies (LEAs) and their…

National / EU authorities

Cloud Security for Healthcare Services

This study aims to provide Cloud security practices for the healthcare sector and identify security aspects, including relevant data protection aspects, to be taken into account when procuring Cloud services for the healthcare industry. The set of…
Private Sector

EUCS – Cloud Services Scheme

This publication is a draft version of the EUCS candidate scheme (European Cybersecurity Certification Scheme for Cloud Services), which looks into the certification of the cybersecurity of cloud services. In accordance with Article 48.2 of the…

National / EU authorities