PURPOSE: to pool resources and expertise in the field of cybersecurity technologies.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: cybersecurity is an issue of common interest of the Union. Future security depends, among others, on enhancing technological and industrial ability to protect the Union against cyber threats, as both civilian infrastructure and military capacities rely on secure digital systems.
Following the 2013 cybersecurity strategy, the Union has continued to increase its activities to meet the growing challenges of cybersecurity:
With more than 660 cyber security competence centres throughout the EU, the EU already has considerable expertise in this area. However, the efforts of the research and industry communities are fragmented, lacking alignment and a common mission, which hinders the EU's competitiveness in this field.
The Commission considers that these efforts and expertise need to be pooled, networked and used in an efficient manner to reinforce and complement existing research, technology and industrial capacities at Union and national levels.
IMPACT ASSESSMENT: among the main arguments in favour of the selected option were:
CONTENT: this Regulation proposes to establish the European Cybersecurity Industrial, Technology and Research Competence Centre, as well as the Network of National Coordination Centres, and lays down rules for the nomination of National Coordination Centres as well as for the establishment of the Cybersecurity Competence Community.
The Competence Centre: its role would be to facilitate the work of the Network of National Coordination Centres and to enhance the cybersecurity competences, by driving the cybersecurity technological agenda and facilitating access to the expertise so gathered.
To this end, it would coordinate the use of cybersecurity funds under the EU's next long-term budget for the period 2021-2027 under the Digital Europe Programme and the Horizon Europe Programme. Its objectives would be:
· to enhance cybersecurity capabilities, knowledge and infrastructures at the service of industries, the public sector and research communities;
· to contribute to the wide deployment of the latest cyber security products and solutions across the economy;
· to improve the understanding of cybersecurity and contribute to reducing skills gaps in the Union related to cybersecurity;
· to contribute to the reinforcement of cybersecurity research and development in the Union;
· to enhance synergies between the civilian and defence dimensions of cybersecurity.
The Competence Centre would be set up as a European partnership to facilitate joint investment by the Union, Member States and/or industry. Therefore, the proposal requires Member States to contribute a commensurate amount to the actions of the Competence Centre and Network. The principal decision-making body is the Governing Board, in which all Member States take part but only those Member States which participate financially have voting rights.
The Network of National Coordination Centres: each Member State would nominate a national coordination centre to lead the Network, which would focus on developing new and expanded cybersecurity capabilities and expertise. The Network would identify and support the most relevant cybersecurity projects in Member States.
The Cybersecurity Competences Community: this would contribute to the mission of the Competence Centre by enhancing and disseminating cybersecurity expertise throughout the Union. It would involve a large and diverse group of actors involved in the development of cybersecurity technologies, such as research organisations, supply and demand side industries and the public sector.
BUDGETARY IMPLICATIONS: the Union's contribution to the Competence Centre to cover administrative and operating costs includes the following elements: