Today, the EU Cybersecurity Act (the "Act") was published in the Official Journal of the European Union. A central pillar of the European Union (EU) cybersecurity strategy, the Act aims to strengthen the cybersecurity features of everyday products and services and boost cyber resilience in the EU. The Act sets out a framework through which ICT products, services and processes may be granted EU-wide cybersecurity certification. The mandate and capabilities of ENISA, the EU Agency for Cybersecurity, are also reinforced by the Act. ENISA will now have more resources at its disposal, as well as new responsibilities, for coordinating and supporting cybersecurity efforts across the EU.

The Act will enter into force 20 days from today, although some of the provisions (such as the ones related to penalties or providing for judicial remedies) will be effective as of June 28, 2021.

(For our past coverage of the Act, see our updates published  December 13, 2018, September 17, 2018, and June 11, 2018.)