The European Union (EU) places great emphasis on cybersecurity within the telecom sector, implementing a range of measures to ensure the security of telecommunications networks and services.

An importal development came in 2009 with the introduction of Article 13a as part of the Telecoms Framework directive. Article 13a mandated EU Member States to ensure that providers take appropriate security measures to protect the security and integrity of telecom networks and services.

In December 2018, the EU adopted a new set of telecom rules known as the European Electronic Communications Code (EECC). The EECC updates the EU telecom package from 2009 and facilitates the deployment of high-capacity networks such as fiber and next-generation mobile networks like 5G. These advancements in infrastructure will create employment opportunities, spur growth, and enable innovative applications like the Internet of Things (IoT) and new business models.

EU member countries were required to transpose this EU directive into national law by 21 December 2020. Detailed security requirements for electronic communication providers, as well as the enforcement mechanisms available to competent authorities, are outlined in Articles 40 and 41 of the European Electronic Communications Code (EECC).

ENISA (European Union Agency for Cybersecurity) works closely with the telecom sector and aims to foster collaboration and information exchange among European countries. ENISA's primary objectives include addressing threats, promoting security measures, facilitating incident reporting, and overseeing providers of electronic communication networks and services.

ENISA's activities are mainly conducted through the European Competent Authorities for Secure Electronic Communications Expert Group - ECASEC EG (formerly known as the Article 13A Expert Group). 

ECASEC EG

In 2010, ENISA, together with the European Commission (EC), Ministries and Telecommunication National Regulatory Authorities (NRAs), initiated a series of meetings (workshops, conference calls) to support a harmonized implementation of Article 13a. The ENISA Article 13a Expert Group was formed in 2010 to facilitate a process of voluntary and informal collaboration between experts of NRAs from across the EU, to discuss and agree on the implementation details of Article 13a of the Telecoms Framework directive.

With the introduction of the European Electronic Communications Code (EECC), the Article 13a group underwent a name change and became known as ECASEC (European Competent Authorities for Secure Electronic Communications).

The ENISA ECASEC Expert group has no formal status (as it is not explicitly mentioned in EU legislation).  The group operates on a voluntary basis, and the decisions made or guidelines adopted by the group are not legally binding.