On 7 June 2019, Regulation (EU) 2019/881 on ENISA (the European Union Agency for Network and Information Security) and on information and communications technology cybersecurity certification, also known as the Cybersecurity Act, was given the final go-ahead and published in the Official Journal of the European Union.  The Cybersecurity Act will come into force

To enhance cyber resilience, the EU is building a certification framework for information and communication technology (ICT) products, services and processes. On 8 June 2018, the Council agreed a Proposal (known as the Cybersecurity Act) to prepare for negotiations with the European Parliament to finalise the text.

One of the effects of the Proposal is that it will upgrade the current European Union Agency for Network and Information Security (ENISA) into a more stable EU agency for cybersecurity.

Cybersecurity certification

The Proposal introduces a tool to create a more comprehensive regulatory framework for specific ICT processes, products and services designed to help ensure compliance with specified cybersecurity requirements.

Certificates issued under the scheme will be recognised, legally, across the EU. This will therefore have the dual effect of building trust in users – given the technology certification will mean the technology has received the European-security stamp – and enabling businesses to carry out their business cross-border. The resilience behind the technology in relation to accidental or malicious data loss or alteration will be certified.

This certification scheme addresses the barriers in the EU where Member States have implemented different standards to one another, for example Member States have issued regulations which improve country-specific requirements around security.

The details of this certification scheme and its requirements will, in particular, be important to network and data service operators, including cloud computing service providers.

The certification will be optional unless it is specified as a legal requirement under an EU law or Member State law.

Continue Reading EU to create a cybersecurity certification framework

In November 2017, the House of Commons Committee on Exiting the European Union (the Committee) published impact assessment reports of Brexit on various UK business sectors. The Report on the Technology (ICT) Sector (the Report) is a mix of qualitative and quantitative analysis. For each business sector, the Report includes: (i) a description of the sector; (ii) the current EU regulatory regime in which the sector operates; and (iii) an explanation of the frameworks governing how trade is facilitated between countries in the sector. Information provided by the government to the Committee about specific sector views has been withheld by the Committee.

Sector overview

The UK digital sector is vast. It covers digital goods, digital services and digitally enabled transactions of goods and services. It includes the following services and products: (i) audio-visual; (ii) e-commerce; (iii) telecommunications; (iv) data; (v) emerging industries, such as artificial intelligence; (vi) FinTech (dealt with in a separate report); (vii) the Internet of Things; and (viii) cybersecurity. Though London is a prominent hub, digital companies are spread across the UK. Several other cities have highly ranked digital clusters.

The Report highlights:

  • the extent of the UK’s investment in the digital sector;
  • how tech companies are investing in the UK since the Brexit referendum; and
  • information about the value added by the ICT industry, including its contribution to national economy statistics, employment, national balance of trade and international trade.

Continue Reading Brexit sectoral analysis – ICT report