New Regulation for Cybersecurity of EU Institutions
23 January 2024 // Published in printed Issue 4/2023
Pingen Kopie Dr. Anna Pingen

The new Cybersecurity Regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices, and agencies of the Union entered into force on 7 January 2024. The new legal framework follows the Commission's proposal for the Cybersecurity Regulation in March 2022 (→ eucrim news of 26 April 2022) and the political agreement reach by the European Parliament and Council in June 2023.

The regulation's comprehensive measures to reach a high level of cybersecurity emphasize the importance of establishing an internal cybersecurity risk management, governance, and control framework tailored to each Union entity's needs and taking into account the evolving nature of cyber threats and the interconnectedness of digital systems.

The regulation introduces the Interinstitutional Cybersecurity Board (IICB) to oversee and assist in the regulation's implementation, ensuring that Union entities work towards achieving a unified cybersecurity standard. The Computer Emergency Response Team for EU institutions (CERT-EU) is being expanded under this regulation in order to serve as a central hub for threat intelligence, information exchange, and incident response coordination - it has been renamed the Cybersecurity Service for the Union institutions while retaining the acronym "CERT-EU."