  • Deploying Pseudonymisation Techniques

    Pseudonymisation is increasingly becoming a key security technique for providing a means that can facilitate personal data processing, while offering strong safeguards for the protection of personal data and thereby safeguarding the rights and...

    Published on March 24, 2022
  • Security and Privacy for public DNS Resolvers

    Domain Name System (DNS) resolution is a hierarchical distributed system of protocols and systems, whose main purpose is to map the human friendly domain names, such as www.example.com, to machine readable IP addresses, such as 123.123.123.123. DNS...

    Published on February 10, 2022
  • Data Protection Engineering

    Data Protection Engineering can be perceived as part of data protection by Design and by Default. It aims to support the selection, deployment and configuration of appropriate technical and organizational measures in order to satisfy specific data...

    Published on January 27, 2022
  • Digital Identity: Leveraging the SSI Concept to Build Trust

    The maintenance of continuity in social life, businesses and administration has accelerated the reflection on the possibility of a need for such decentralised electronic identity. This report explores the potential of self-sovereign identity (SSI...

    Published on January 20, 2022
  • Remote Identity Proofing - Attacks & Countermeasures

    Remote identity proofing is a crucial element in creating trust for digital services. The present study analyses the collection and validation of evidence provided by the applicant to complete the verification of his or her identity. More...

    Published on January 20, 2022
  • NIS Investments Report 2021

    Following the 2020 NIS Investment publication, this report covers all 27 EU Member States and offers additional insights into the allocation of NIS budgets of OES/DSP, the economic impact of cybersecurity incidents and the organisation of...

    Published on November 17, 2021
  • Guideline on Security Measures under the EECC

    This document, the Technical Guideline for Security Measures, provides guidance to competent authorities about the technical details of implementing Articles 40 and 41 of the EECC: how to ensure that providers assess risks and take appropriate...

    Published on July 07, 2021
  • 5G Supplement - to the Guideline on Security Measures under the EECC

    This document contains a 5G technology profile which supplements the technology-neutral Guideline on Security Measures under the EECC. The document gives additional guidance to competent national authorities about how to ensure implementation and...

    Published on July 07, 2021
  • Conformity Assessment of Qualified Trust Service Providers

    This document provides an overview of the conformity assessment framework for QTSPs as set out in the eIDAS Regulation, i.e. aiming to confirm that the assessed QTSP/QTS fulfils its requirements. This report discusses the typical process flow and...

    Published on March 11, 2021
  • Recommendations for Qualified Trust Service Providers based on Standards

    This document provides recommendations to help qualified trust service providers and auditors understand the expected mapping between these requirements/obligations and reference numbers of standards, as well as practical recommendations for their...

    Published on March 11, 2021
  • Security Framework for Qualified Trust Service Providers

    This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation, to which both non-QTSP and QTSP are subject. Nevertheless, Article 19.1 states that the security measures “shall ensure that the level of...

    Published on March 11, 2021
  • Security Framework for Trust Service Providers

    This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSP on: 1) Risk management related to the security of the eIDAS...

    Published on March 11, 2021
  • Remote ID Proofing

    This report provides an overview of the most common methods for identity proofing with some examples received by stakeholders, presents the current legal / regulatory landscape and supporting standards at the international and EU level and provides...

    Published on March 11, 2021
  • Data Pseudonymisation: Advanced Techniques and Use Cases

    This report, building on the basic pseudonymisation techniques, examines advanced solutions for more complex scenarios that can be based on asymmetric encryption, ring signatures and group pseudonyms, chaining mode, pseudonyms based on multiple...

    Published on January 28, 2021
  • NIS Investments Report 2020

    Four years after the NIS Directive entered into force and two years after the transposition by Member States into their national laws, this report presents the findings of a survey of 251 organisations across five EU Member States (France, Germany...

    Published on December 11, 2020
  • Power Sector Dependency on Time Service: attacks against time sensitive services

    This publication describes the threats against energy providers’ services which depend on the availability of precise timing and communication networks. It provides a typical architecture which supports the time measurement service. Then it...

    Published on May 12, 2020
  • Encrypted Traffic Analysis

    This report explores the current state of affairs in Encrypted Traffic Analysis and in particular discusses research and methods in 6 key use cases; viz. application identification, network analytics, user information identification, detection of...

    Published on April 23, 2020
  • Advancing Software Security in the EU

    This study discusses some key elements of software security and provides a concise overview of the most relevant existing approaches and standards while identifying shortcomings associated with the secure software development landscape, related to...

    Published on April 15, 2020
  • eIDAS compliant eID Solutions

    This report provides an overview of the legislative framework under eIDAS for electronic identification, presents the landscape of notified and pre-notified eID schemes and identifies key trends in the electronic identification field. Moreover, it...

    Published on March 15, 2020
  • Overview of standards related to eIDAS

    The scope of this document is to assess the suitability of the recently published ENs to fulfil the eIDAS Regulation requirements, and to describe the differences with the previous TSs, in view of a possible update of the list of standards...

    Published on December 18, 2019
  • Recommendations for technical implementation of the eIDAS Regulation

    The present report aims to propose ways in which the eIDAS assessment regime can be strengthened based on the current regime of the eIDAS Regulation, the stakeholders’ concerns and the legitimate need to move towards a more harmonised approach with...

    Published on December 17, 2019
  • Pseudonymisation techniques and best practices

    This report explores further the basic notions of pseudonymisation, as well as technical solutions that can support implementation in practice. Starting from a number of pseudonymisation scenarios, the report defines first the main actors that can...

    Published on December 03, 2019
  • Stock taking of security requirements set by different legal frameworks on OES and DSPs

    In order to support organisations in their process of identifying appropriate security measures, based on the provisions of both NISD and GDPR, this report uses as basis the pre-existing ENISA guidance and presents a mapping of already identified...

    Published on November 15, 2019
  • Assessment of ETSI TS 119 403-3 related to eIDAS

    This document assesses the eligibility of [ETSI TS 119 403-3], and the standards it builds upon, to be referenced in an implementing act adopted pursuant to Art.20(4) of the eIDAS Regulation. The findings suggest that if certain revisions take...

    Published on November 15, 2019
  • Challenges and opportunities for EU cybersecurity start-ups

    Based on extensive analysis of the identified challenges and opportunities, as well as on feedback collected from a panel of experts, this report proposes a set of recommendations to start-ups and SMEs active in the NIS market.

    Published on May 15, 2019
  • Towards a framework for policy development in cybersecurity - Security and privacy considerations in autonomous agents

    One of the key aspects in autonomous systems is the data collected, mainly for supporting the demanding functionality in a qualitative and timely manner. The current study highlights a number of relevant security and privacy considerations, such as...

    Published on March 14, 2019
  • Good practices on the implementation of regulatory technical standards

    MS approaches on PSD 2 implementation: commonalities in risk management and incident reporting - The main objective of this study is to identify the differences introduced by Member States in the implementation of the PSD2. In particular, the aim is...

    Published on January 24, 2019
  • Good practices on interdependencies between OES and DSPs

    This study is concerned with dependencies and interdependencies among Operators of Essential Services (OES) and Digital Service Providers (DSPs) as defined in the NIS Directive and addresses emerging dependencies and interdependencies across...

    Published on November 30, 2018
  • Guidelines on assessing DSP security and OES compliance with the NISD security requirements

    This report presents the steps of an information security audit process for the OES compliance, as well as of a self-assessment/ management framework for the DSP security against the security requirements set by the NIS Directive. In addition, it...

    Published on November 28, 2018
  • Handbook on Security of Personal Data Processing

    The overall scope of the report is to provide practical demonstrations and interpretation of the methodological steps of the ENISA’s 2016 guidelines for SMEs on the security of personal data processing. This is performed through specific use cases...

    Published on January 29, 2018
  • eIDAS: Overview on the implementation and uptake of Trust Services

    In the context of the eIDAS Regulation, ENISA conducted a study to present an overview of the implementation and uptake of Trust Services defined in the eIDAS Regulation one year after adoption to the new regime, and analyse the new opportunities...

    Published on January 15, 2018
  • Annual Privacy Forum 2017

    ENISA's Annual Privacy Forum 2017 encouraged dialogue with panel discussions and provided room for exchange of ideas in between scientific sessions. The two-day conference was well attended by more than 100 participants in addition to more than 70...

    Published on January 09, 2018
  • QWACs Plugin

    Proof of concept browser plugin to support the two-step verification of qualified certificates for web-site authentication

    Published on January 08, 2018
  • Guidelines on Termination of Qualified Trust Services

    This document proposes guidelines to SB and (Q)TSP aimed at facilitating the implementation of the provisions related to trust services of the eIDAS Regulation in the area of termination of trust services. Termination of QTS is addressed here in a...

    Published on December 19, 2017
  • Recommendations on European Data Protection Certification

    The objective of this report is to identify and analyse challenges and opportunities of data protection certification mechanisms, including seals and marks, as introduced by the GDPR, focusing also on existing initiatives and voluntary schemes.

    Published on November 27, 2017
  • Security guidelines on the appropriate use of qualified website authentication certificates

    This document addresses qualified certificates for website authentication and is one out of a series of five documents which aim to assist parties wishing to use qualified electronic signatures, seals, time stamps, eDelivery or website...

    Published on June 29, 2017
  • Security guidelines on the appropriate use of qualified electronic registered delivery services

    This document addresses qualified electronic registered delivery services and is one out of a series of five documents which aim to assist parties wishing to use qualified electronic signatures, seals, time stamps, eDelivery or website...

    Published on June 29, 2017
  • Security guidelines on the appropriate use of qualified electronic time stamps

    This document addresses qualified electronic time stamps and is one out of a series of five documents which target to assist parties aiming to use qualified electronic signatures, seals, time stamps, eDelivery or website authentication certificates...

    Published on June 29, 2017
  • Security guidelines on the appropriate use of qualified electronic seals

    This document addresses qualified electronic seals and is one out of a series of five documents which target to assist parties aiming to use qualified electronic signatures, seals, time stamps, eDelivery and website authentication certificates to...

    Published on June 29, 2017
  • Security guidelines on the appropriate use of qualified electronic signatures

    This document addresses qualified electronic signatures and is one out of a series of five documents which target to assist parties aiming to use qualified electronic signatures, seals, time stamps, eDelivery or website authentication certificates...

    Published on June 29, 2017
  • Recommendations on aligning research programme with policy

    The scope of this report is to review existing analysis reports on EU funded Trust and Security Projects, summarize achievements that have significantly promoted specific pillars of NIS, identify and summarize specific outcomes that can promote and...

    Published on May 08, 2017
  • Annual Privacy Forum 2016

    In light of the data protection regulation and the European digital agenda, DG CONNECT, EDPS, ENISA and Goethe University Frankfurt organized APF 2016. APF 2016 was held on 7 & 8 September at Goethe University Frankfurt am Main, Germany.

    Published on March 09, 2017
  • Guidelines for SMEs on the security of personal data processing

    ENISA undertook a study to support SMEs on how to adopt security measures for the protection of personal data, following a risk-based approach. In particular, the objectives of the study were to facilitate SMEs in understanding the context of the...

    Published on January 27, 2017
  • Report on Annual Privacy Forum 2012

    The first Annual Privacy Forum (APF’12) was held in Limassol, Cyprus from 10–11 October 2012. The Forum was co-organised by the European Network and Information Security Agency (ENISA) and the European Commission Directorate General for...

    Published on December 12, 2012
  • Managing multiple identities

    Nowadays each person has the opportunity of living multiple lives in parallel, in the real as well as in the virtual world. A trend observed over the last years, first in the research community, but now also in commercial offerings is the increase...

    Published on April 20, 2011
  • Mapping security services to authentication levels

    This report reviews the authentication levels and their mapping to public electronic services in the eGovernment programme framework, which require an authentication of the user (security services). It gives a general overview of European efforts...

    Published on March 08, 2011
  • Mobile Identity Management

    This paper reports on information security risks and best-practice in the area of Mobile Identity Management (Mobile IDM). It also provides recommendations of systems, protocols and/or approaches to address these challenges.

    Published on April 13, 2010
  • Security Issues in Cross-border Electronic Authentication

    Improving the interoperability of electronic identification and authentication systems is a European task and a task for all Member States. Considerable efforts have been made in several projects to face the challenges of pan-European...

    Published on February 03, 2010
  • National eIDs in pan-European e-Government Services

    Since the beginning of the 21st century, European Member States have been planning, developing and implementing new solutions to offer electronic services to citizens and businesses on a digital platform in order to improve administrative...

    Published on January 24, 2010
  • Privacy and Security Risks when Authenticating on the Internet with European eID Cards

    Whenever we use internet services, the first steps we take are usually identification (we input our names) and authentication (we prove that it is us). How we actually identify and authenticate ourselves depends on the security level of the...

    Published on November 26, 2009
  • Privacy Features of European eID Card Specifications

    A national eID card is a gateway to personal information. Any unwanted disclosure of personal information constitutes a violation of the citizen’s privacy rights. Apart from considerations of fundamental rights, this is also a serious obstacle to...

    Published on January 27, 2009
  • Security Issues in the Context of Authentication Using Mobile Devices (Mobile eID)

    Mobile devices, like smart phones and PDAs, will play an increasingly important role in the digital environment. However, the pervasive use of mobile devices also brings new security and privacy risks. Persons who make extensive use of mobile...

    Published on November 11, 2008