- Harmonizing the existing cybersecurity certification landscape to reduce costs and administrative burdens for companies by establishing a common “European Cybersecurity Certification Framework for ICT products and services.”
- Further specifying and publishing best practices relating to incident reporting and security obligations for some digital service providers under the NIS Directive (see our reports here and here).
- Changes to the tasks and functions of ENISA, including providing ENISA with a strengthened and permanent mandate.
The UK Government also welcomes views from stakeholders on the impact of the proposals with respect to the UK’s exit from the EU. The consultation closes on February 13, 2018. Before then, and by January 20, 2018, the UK Government has been asked by the UK Parliament to clarify issues relating to the proposals, including on issues relating to the “Cybersecurity Act” and cybersecurity certification.