The European Commission (EC) has proposed two new regulations to establish common cyber and information security measures across the bloc, with the aim of bolstering resilience and response capacity against a range of cyber threats.
Under the proposed cybersecurity regulation, which was published 22 March 2022, all European Union (EU) institutions, bodies, offices, and agencies will be required to have cyber security frameworks in place for governance, risk management, and control.
They will also be required to conduct regular maturity assessments, implement plans for improvement, and share any incident-related information with the Computer Emergency Response Team (CERT-EU) “without undue delay.”
The regulation would also establish a new inter-institutional Cybersecurity Board to drive and monitor the implementation of the regulation. The new board will further help to steer CERT-EU, which will also have its mandate extended to fill the triple role of being an incident response coordination hub, a central advisory body, and a service provider.
Under a separate Information Security Regulation proposal published the same day, the EC is seeking to create a minimum set of…