Cybersecurity Act: On the Route of a European Union Cybersecurity Certification System (U12c)
On 13 September 2017, the European Commission (through the Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification – Cybersecurity Act) has set a cornerstone to initiate the work on a Common cybersecurity certification scheme on ICT products and services applicable within the boundaries of the European Union. For the first time a number of Nation States may agree to work under the same scheme, with the aim to have a common EU market where certain classes of ICT Products and services may be certified on a common ground. The responsibility to set the scheme is assigned to a central EU Agency with the aim to assure coherence and stability, but Member States will retain an active role. Once the scheme will be in place, it will be binding for the entire European Union, with some exceptions. The initial proposal was already proposed to be amended, and the strong pressure, changed the initial pioneering ideas. We will start with an introduction to the Regulation, followed by an overview on the more recent stakeholder reports and analysis which came as a result of the legislative process. Also, we will give a close look to the concerns and positions of all involved stakeholders, and on the expected outcome. An answer to the following questions will be provided: how the processes may re-shape the initial proposal? What may be the scenarios that proposed changes may impose to the final consumers/actors in the use of the schemes? How schemes may work in the context of the MLAs and International agreements? What may be the real role of ENISA and how ENISA may better structure itself in order to help with the implementation? We will put the emphasis on the transition phase and on the possible challenges to the legislative process, and on the influence on the national and international industrial landscapes, having a close look to how the on-going parallel legislative processes may influence each other in the medium and long run.