Supporting the implementation of Union policy and law regarding cybersecurity

Cybersecurity Policy

Cybersecurity has a prominent role in several EU legal instruments. It is often mentioned as an explicit obligation or as a requirement for building trust. The NIS Directive (EU 2016/1148) was the first piece of EU-wide cybersecurity legislation. The goal is to enhance cybersecurity across the EU. ENISA is working with Member States to identify best EU-wide practices in their efforts to implement the Directive.

As digital threats have since grown in number and sophistication, a proposed expansion of the legislation through a new NIS2 Directive is currently underway to better protect supply chains as well as streamline and harmonise supervisory measures.

Whether concerning specific instances related to eIDAS and electronic identities, personal data protection or Privacy by Design to ensure built-in privacy measures to systems, projects and operations, ENISA is at the forefront of offering state-of-the-art advice and counsel to improve the quality of people’s everyday lives online.

ENISA has taken an engineering approach to analysing legal obligations and translating them into technical requirements while, through its policy observatory approach, it also advises Member States on upgrading security measures related to current and future EU legislation such as the  EECC, DORA, the Electricity Code and other similar rules aimed at protecting cross-border internal market transactions of goods and services.

  • ENISA has long experience in identifying best practices to bring Member States into alignment to counteract the greater scope and scale of the EU's external and internal cyber threats.
  • Working closely with policy experts, ENISA brings vision and state-of-the-art experience to help counteract or hinder threats to the supply chains of goods and services. It also helps facilitate a swifter understanding of legislative impacts on upgrading and aligning cybersecurity measures across the borders of the internal market.
  • On key specific existing laws (e.g. EECC, eIDAS, GDPR) and draft legislation, ENISA is well placed to advise Member States bodies on bringing their policies up to date and closer to EU-wide voluntary harmonisation.
Browse the Topics

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information