In the recent years, cybersecurity has become one of the crucial areas that the European Union (“EU”) decided to invest in to get fit for the digital era. In order to acquire leadership and autonomy in this field, the EU takes steps to develop competencies, capacities and capabilities.
One step in this regard is represented by the draft regulation establishing a new EU body – the European Cybersecurity Industrial, Technology and Research Competence Centre (the “Competence Centre”), which has been adopted on April 20, 2021 by the Council of the EU.
2. Role of the Competence Centre
As it now stands, the draft regulation provides that the Competence Centre’s main mission is to help increase the security of critical network and information systems. In order to fulfil the same, it will perform a dual role:
From an organisational perspective, the Competence Centre will consist of (i) an executive director, (ii) a governing board, and (iii) a strategic advisory group. In its activity, it can also call upon the expertise of natural persons as ad-hoc experts.
The draft regulation also establishes the organisation of:
• the Network of National Coordination Centres (the “Network”) which will consist of state-owned entities with research and technological expertise in cybersecurity; and
• the Cybersecurity Competence Community (the “Community”) which will gather stakeholders that have cybersecurity expertise in various domains.
Both entities’ role will be to support the Competence Centre’s activity.
The Competence Centre will be headquartered in Bucharest, Romania and will work closely with the Network and the Community and, where appropriate, with the European Union Agency for Cybersecurity (“ENISA”), on the following main tasks:
Through this approach, the Competence Centre will put an end to the fragmentation of the research and development efforts throughout EU and will shape a strategic orientation for the future of cybersecurity.
3. Next steps
The draft regulation will be sent to the European Parliament, who has to provide its input on the Council’s position within three months and to either:
If amendments are proposed, the Council will have to examine the same and either approve them all or convene the conciliation committee.
According to the draft regulation, the European Commission is entrusted with setting up and running the Competence Centre until the same can operate independently. Thus, pending the final vote in the European Parliament, the European Commission already started discussions with the Romanian authorities on the practical aspects related to the
incorporation of the Competence Centre.
The EU’s initiative to build a centre for cybersecurity is more than welcome given the fragmentation of expertise and know how across more than 660 cybersecurity expertise centres that now exist throughout EU. The Centre is thus expected to help Member States take a proactive, longer term and strategic perspective to cybersecurity industrial
policy. This should fuel the EU’s competitiveness in this field in a time when safeguarding data and creating more diverse supply chains environments are in the spotlight.
Senior Privacy & Technology Consultant
1 More information are available here: https://ec.europa.eu/info/horizon-europe_en.
2 More information are available here: https://digital-strategy.ec.europa.eu/en/activities/digital-programme.