Fostering robust cybersecurity practices in the telecommunications industry

Telecom sector

The European Union (EU) places great emphasis on cybersecurity within the telecom sector, implementing a range of measures to ensure the security of telecommunications networks and services.

An importal development came in 2009 with the introduction of Article 13a as part of the Telecoms Framework directive. Article 13a mandated EU Member States to ensure that providers take appropriate security measures to protect the security and integrity of telecom networks and services.

In December 2018, the EU adopted a new set of telecom rules known as the European Electronic Communications Code (EECC). The EECC updates the EU telecom package from 2009 and facilitates the deployment of high-capacity networks such as fiber and next-generation mobile networks like 5G. These advancements in infrastructure will create employment opportunities, spur growth, and enable innovative applications like the Internet of Things (IoT) and new business models.

EU member countries were required to transpose this EU directive into national law by 21 December 2020. Detailed security requirements for electronic communication providers, as well as the enforcement mechanisms available to competent authorities, are outlined in Articles 40 and 41 of the European Electronic Communications Code (EECC).

ENISA (European Union Agency for Cybersecurity) works closely with the telecom sector and aims to foster collaboration and information exchange among European countries. ENISA's primary objectives include addressing threats, promoting security measures, facilitating incident reporting, and overseeing providers of electronic communication networks and services.

ENISA's activities are mainly conducted through the European Competent Authorities for Secure Electronic Communications Expert Group - ECASEC EG (formerly known as the Article 13A Expert Group). 


In 2010, ENISA, together with the European Commission (EC), Ministries and Telecommunication National Regulatory Authorities (NRAs), initiated a series of meetings (workshops, conference calls) to support a harmonized implementation of Article 13a. The ENISA Article 13a Expert Group was formed in 2010 to facilitate a process of voluntary and informal collaboration between experts of NRAs from across the EU, to discuss and agree on the implementation details of Article 13a of the Telecoms Framework directive.

With the introduction of the European Electronic Communications Code (EECC), the Article 13a group underwent a name change and became known as ECASEC (European Competent Authorities for Secure Electronic Communications).

The ENISA ECASEC Expert group has no formal status (as it is not explicitly mentioned in EU legislation).  The group operates on a voluntary basis, and the decisions made or guidelines adopted by the group are not legally binding.

For over a decade, ENISA has been providing support to EU Member States in supervising security measures within the telecom sector. This ongoing assistance underscores ENISA's commitment to fostering robust cybersecurity practices in the telecommunications industry.

Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies