European Cybersecurity Competence Centre

2018/0328(COD)

The Council adopted its position at first reading with a view to the adoption of a regulation of the European Parliament and of the Council establishing the European Cybersecurity Industrial, Technology

and Research Competence Centre and the Network of National Coordination Centres.

The proposed regulation aims to help the EU maintain and develop the technological and industrial cyber security capacities needed to secure its digital single market. It provides for the creation of structures at three institutional levels:

1) a European Competence Centre for Cybersecurity Industrial, Technology and Research (at EU level),

2) a Network of National Coordination Centres (national level), and

3) a Cybersecurity Competence Community (at stakeholder level).

Mission of the Competence Centre and the Network

The mission of the Competence Centre and the Network is to help the Union to:

- strengthen its leadership and strategic autonomy in the area of cybersecurity by retaining and developing the Union’s research, academic, societal, technological and industrial cybersecurity capacities and capabilities necessary to enhance trust and security, including the confidentiality, integrity and accessibility of data, in the Digital Single Market;

- support Union technological capacities, capabilities and skills in relation to the resilience and reliability of the infrastructure of network and information systems, including critical infrastructure and commonly used hardware and software in the Union; and

- increase the global competitiveness of the Union’s cybersecurity industry, ensure high cybersecurity standards throughout the Union and turn cybersecurity into a competitive advantage for other Union industries.

Centre of Competence

The Centre’s aim would be to ensure closer coordination between research and innovation and the deployment of strategies at both national and EU level, and to enable Member States to take decisions on their financial contribution to joint actions.

The Competence Centre should:

- implement research and innovation actions (supported by the Horizon Europe programme) as well as capacity building actions (supported by the Digital Europe programme);

- support, together with Member States, the build-up and procurement of advanced cybersecurity equipment, tools and data infrastructure in Europe and ensure wide deployment of the latest cybersecurity solutions across the economy; to this end, the Competence Centre would also be able to facilitate the shared acquisition of capacities on behalf of Member States.

Organisation of the Centre of Competence

The Competence Centre would be based in Bucharest and would have a Governing Board composed of representatives of the Member States and the Commission, responsible for defining the general direction of the Competence Centre’s operations and should ensure that the Competence Centre carries out its tasks in accordance with this Regulation.

The Strategic Advisory Group - consisting of up to 20 members - would provide advice based on a regular dialogue between the Competence Centre and the cyber security competence community.

The European Union Agency for Cyber Security (ENISA) would be a permanent observer on the Governing Board of the Centre of Competence and may provide advice and input on the drafting of the strategy and the annual and multi-annual work programmes.

The Council position includes new articles on gender balance and on the legal personality of the Centre of Competence.

Voting rules

The Governing Board should use a consensual approach in its discussions. A vote should be held if the members of the Governing Board fail to achieve a consensus.

For certain decisions related to the implementation of the Union's budget, as well as for the annual work programme, the multi-annual work programme and the method of calculating Member States' contributions, the Commission would have 26% of the voting rights. The Governing Board would adopt its decisions by a majority of at least 75% of the votes of all its members.

National coordination centres

No later than six months after the date of entry into force of the Regulation, each Member State would designate an entity to act as its national coordination centre.

The national coordination centres would act as national contact points for the Community to assist the Competence Centre in fulfilling its mission and objectives, in particular, to coordinate the Community through coordination between its members in their Member State.

Cybersecurity Competence Community

The Community will contribute to the mission of the Competence Centre and the Network and will enhance, share and disseminate cybersecurity expertise across the EU.

The Community would be composed of collective bodies/organisations and would not include individuals. The Competence Centre and its bodies could draw on the expertise of individuals and natural persons as ad hoc experts.