European Cybersecurity Competence Centre

2018/0328(COD)

The European Parliament adopted by 480 votes to 70, with 60 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council establishing the European Centre for European Cybersecurity Industrial, Technology and Research Competence Centre and Network of National Coordination Centres.

The position of the European Parliament adopted at first reading in the framework of the ordinary legislative procedure amended the Commission proposal as follows:

Parliament recalled that in 2017, 80 % of the European companies experienced at least one cyber incident making it necessary to adopt the highest standards and comprehensive cyber security solutions.

The objectives of the proposed Regulation would be to strengthen the Union's competitiveness and capabilities in cybersecurity, and to reduce its digital dependency by improving the uptake of cybersecurity products, processes and services developed within the Union.

The European Competence Centre and the network of national coordination centres established by the Regulation shall contribute to overall resilience and awareness of cyber security threats in the Union, taking into account the implications for society.

Members clarified the missions and tasks of the Competence Centre, including:

 

  • develop the technological, industrial, societal, societal, academic and research skills and expertise in cybersecurity necessary to secure its digital single market and strengthen data protection for EU citizens, businesses and public administrations;
  • contribute to increasing the resilience and reliability of network and information systems infrastructure, including the Internet and other infrastructures critical to the functioning of society, such as transport, health and banking systems;
  • develop the cybersecurity technological, industrial, societal, academic and research expertise capacities and capabilities;
  • raise the awareness for cybersecurity threats, and related societal and ethical implications and concerns and reduce the skills gap in cybersecurity in the Union;
  • develop European leadership in cybersecurity and ensure the highest cybersecurity standards throughout the Union;
  • reinforce the trust of citizens, consumers and businesses in the digital world;
  • provide financial support and technical assistance to start-ups, SMEs, microenterprises, associations, individual experts and civil technology projects in the field of cybersecurity;
  • finance software security code controls and related improvements in free and open source software projects commonly used for infrastructure, products and processes;
  • facilitate the sharing of cybersecurity knowledge and technical assistance among others to civil society, industry and public authorities, as well as to the academic and research communities;
  • promote "safety by design" as a principle in the process of developing, maintaining, operating and updating infrastructure, products and services, in particular by supporting the latest safe development methods, appropriate safety tests and safety audits;
  • ensure respect for fundamental rights and ethical behaviour in cybersecurity research projects supported by the Competence Centre;
  • monitor reports of vulnerabilities discovered by the Community and facilitating the disclosure of vulnerabilities, the development of patches, fixes and solutions;
  • support research in the field of cybercrime and the development of products and processes that can be freely studied, shared and developed;
  • provide specific support to SMEs by facilitating their tailor-made access to knowledge and training;
  • enhance cooperation between the civil and defence spheres with regard to dual use technologies and applications in cybersecurity, by carrying out the following tasks, which shall be reactive and defensive cyber defence technology;
  • contribute to the Union's efforts to strengthen international cooperation on cybersecurity.

National Coordination Centres

A National Coordination Centre shall be set up in each Member State.

The relationship between the Competence Centre and the national coordination centres shall be based on a standard contractual agreement signed between the Competence Centre and each of the national coordination centres.

National Centres shall cooperate closely with national standards bodies to promote the adoption of existing standards and to involve all relevant stakeholders, in particular SMEs, in the development of new standards. They shall also serve as a one-stop shop for products and processes funded by other EU programmes and provide a minimum common curriculum on cybersecurity.

Cybersecurity Competence Community

The Cybersecurity Competence Community contributes to the mission of the Competence Centre and disseminates cybersecurity expertise across the Union.

The Competence Community shall include civil society, industry, both on the demand and supply side, including SMEs, academia and science, user associations, individual experts, relevant European standards bodies and other associations, as well as public entities and other entities dealing with operational and technical issues in the field of cybersecurity.

Governing structure

The Governing Board shall be composed of one representative from each Member State, one representative appointed by the European Parliament as an observer, and four representatives of the Commission, on behalf of the Union, and shall aim to achieve gender balance between the members of the Governing Board and their alternates.

The Centre and its bodies shall ensure that conflicts of interest are not only identified, but are resolved and addressed in a transparent and accountable manner. Member States shall ensure that the same applies to national coordination centres.

The Industry and Scientific Advisory Committee, composed of a maximum of 25 members, would regularly advise the Competence Centre on the execution of its activities.

Financial contribution of the Union

This shall amount to EUR 1 780 954 875 at 2018 prices (EUR 1 998 696 000 in current prices) from the Digital Europe programme, including up to EUR 21 385 465 at 2018 prices (EUR 23 746 000 in current prices) for administrative costs. It shall also include an amount from the European Defence Fund for the defence-related actions of the Competence Centre.