Publications

Featured publications

ENISA NIS360

This edition of the ENISA NIS360 report is the third to assess the cybersecurity maturity and criticality of all sectors of high criticality as identified under Annex I of the NIS2 directive. The assessment covers the entire ecosystem of a sector…

NIS Investments 2025

The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy translates in practice across organisations in the EU and its effects on their investments, resources, and operations.

NIS2 Technical Implementation Guidance

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The cybersecurity requirements for…

All publications

Publish Date

ENISA Single Programming Document 2022-2024 Condensed

Condensed work programme 2022

Remote ID Proofing

This report provides an overview of the most common methods for identity proofing with some examples received by stakeholders, presents the current legal / regulatory landscape and supporting standards at the international and EU level and…

Conformity Assessment of Qualified Trust Service Providers

This document provides an overview of the conformity assessment framework for QTSPs as set out in the eIDAS Regulation, i.e. aiming to confirm that the assessed QTSP/QTS fulfils its requirements. This report discusses the typical process flow and…

Recommendations for Qualified Trust Service Providers based on Standards

This document provides recommendations to help qualified trust service providers and auditors understand the expected mapping between these requirements/obligations and reference numbers of standards, as well as practical recommendations for…

Security Framework for Qualified Trust Service Providers

This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation, to which both non-QTSP and QTSP are subject. Nevertheless, Article 19.1 states that the security measures “shall ensure that the level of…

Security Framework for Trust Service Providers

This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSP on: 1) Risk management related to the security of the…

EU Cybersecurity Initiatives in the Finance Sector

The finance sector is a heavily regulated sector, and cybersecurity provisions are already included in multiple EU policies and legislations (e.g. PSD 2 , MIFID II ). EU institutions, agencies, bodies, regulators and other groups of stakeholders…

Security in 5G Specifications - Controls in 3GPP

The objective of this report is to help MS implementing the technical measure TM02 from the EU toolbox on 5G security.
The report is also intended to help national competent and regulatory authorities get a better picture of the…

Cybersecurity Challenges in the Uptake of Artificial Intelligence in Autonomous Driving

This report, drafted jointly by ENISA and JRC, aims to provide insights on the cybersecurity challenges specifically connected to the uptake of AI techniques in autonomous vehicles. It describes the policy context at both the European and…

Crypto Assets: Introduction to Digital Currencies and Distributed Ledger Technologies

This report aims to increase the understanding
of blockchain technologies. It aims to explain the underlying technical concepts and how they relate to each other. The goal is to explain the components,
and illustrate their use by pointing…