On September 13, 2018, institutions in the European Union (EU) started negotiations to reach a final agreement on the EU Cybersecurity Act (Act). When adopted, the Act will create EU cybersecurity certification schemes for ICT products (i.e., hardware and software elements of network and information systems); services (i.e., services involved in transmitting, storing, retrieving or processing information via network and information systems); and processes (i.e., sets of activities performed to design, develop, deliver and maintain ICT products or services). 

The Act should also provide the European Union Agency for Network and Information Security (ENISA) with a permanent mandate and new tasks to support member states, EU institutions and other stakeholders on cyber issues. (For more details on the Act, please see our Legal Update published in June 2018.)

Informal Negotiations Have Started; Deadline Is Tight

For the Act to be adopted, the Council of the European Union and the European Parliament must reach an agreement on final text. Negotiations to that end started on September 13, 2018. In anticipation of the negotiations, the Austrian Presidency of the Council of the European Union published a valuable tool to illustrate the different approaches—a table summarizing the European Commission's initial proposal and the European Parliament's and Council's positions. 

With the Austrian Presidency aiming to a have the Act finalized by the end of the calendar year, little time remains to close the gaps between the stances. The clock is ticking …