To enhance EU’s cyber resilience by enabling the future adoption of European certification schemes for ‘managed security services’, member states’ representatives (Coreper) reached a common position on the proposed targeted amendment of the EU’s cybersecurity act (CSA) of 2019.
‘Managed security services’, provided to customers by specialised companies, are crucial for the prevention, detection, response, and recovery from cybersecurity incidents. They can consist of, for example, detection or response to incidents, penetration testing or security audits, or consultancy.
Main objectives of the Commission proposal
Submitted together with a proposal for an EU cyber solidarity act to strengthen cybersecurity capacities in the EU, the targeted amendment to the CSA aims to include European cybersecurity certification schemes for ‘managed security services’ in the scope of the 2019 CSA regulation.
This amendment will therefore enable the establishment of European certification schemes for such services. It will help to increase their quality and comparability, foster the emergence of trusted cybersecurity service providers, and avoid fragmentation of the internal market given that some member states have already started the adoption of national certification schemes for managed security services.
The Council’s amendments
The Council’s position contains the following main amendments to the Commission proposal:
- it clarifies the definition of ‘managed security services’ and the alignment with the revised network information systems (‘NIS 2’) directive
- the text aligns the security objectives of these certification schemes with the security objectives of other schemes under the current cybersecurity act
- the text includes modifications in the annex to the cybersecurity act, which contains a list of requirements to be met by conformity assessment bodies
- a number of technical and drafting modifications have been introduced to make sure that all the relevant provisions of the current CSA regulation apply also to managed security services
Today’s agreement on the Council’s common position (“negotiating mandate”) will allow the Spanish presidency to enter into negotiations with the European Parliament (“trilogues”) on the final version of the proposed legislation.
SOURCE: PRESS RELEASE – EU COUNCIL