On 10 December 2018, the European Parliament, the European Council and the European Commission agreed on new legislation to strengthen cybersecurity within the digital single market.

With the Cybersecurity Act, the EU will strengthen the cybersecurity rules to meet the increasing threat of cyber-attacks against the digital single market. In 2016, there were more than 4,000 ransomware attacks each day, and 80% of all European businesses had experienced at least one attack on their cybersecurity.

The Cybersecurity Act was proposed in 2017, and it contains several new initiatives, for instance:

  • A stronger EU agency for cybersecurity. The present EU agency for cybersecurity, ENISA, would lose its mandate in 2020. With the new Act, ENISA gets a permanent mandate and additional tasks supporting EU countries and institutions in this area. Over a period of four years, ENISA will get more resources.
  • Introduction of joint EU cybersecurity certification. The new Act introduces a certification framework for procedures, products and services within information and communication technology, and certificates issued under this framework will be valid in all EU countries. The certification framework is called the "Cybersecurity Certification Framework". The aim is to make it easier and cheaper for businesses to operate across the entire single market, and easier for consumers to trust the security behind the technologies. The rules will be important for, e.g., the Internet of Things (IoT).

Furthermore, ENISA will facilitate a quicker implementation of the NIS Directive. The NIS Directive was adopted on 6 July 2016 and introduced general requirements for the security of network and information services and a duty to notify security incidents.