The Council of the European Union on Monday announced the adoption of two new laws meant to improve the overall cybersecurity across the EU.
The two new laws in the cybersecurity package establish a cybersecurity shield that calls for member states to cooperate in detecting and responding to cyberattacks, and amend the EU’s Cybersecurity Act (CSA) of 2019 to ensure adequate security standards for managed security services.
The first legislative act (PDF) establishes a European Cybersecurity Alert System, a pan-European network of cyberhubs that creates “coordinated detection and situational awareness capabilities, reinforcing the Union’s threat detection and information-sharing capabilities”.
The alert system’s infrastructure will include cross-border cyber hubs that will group together national cyber hubs meant to coordinate cyber threat detection and action activities with other member states.
“The cyber hubs will use state-of-the-art technology, such as artificial intelligence (AI) and advanced data analytics, to detect and share timely warnings on cyber threats and incidents across borders. They will strengthen the existing European framework and, in turn, authorities and relevant entities will be able to respond more efficiently and effectively to cybersecurity incidents,” the European Council said.
The new regulation also establishes a Cybersecurity Emergency Mechanism to support member states in preparing for, detecting, and recovering from major cybersecurity attacks, and a European Cybersecurity Incident Review Mechanism to review and assess major attacks.
The mechanism will support preparedness actions, including testing for potential vulnerabilities; a new EU cybersecurity reserve that will include private incident response services that will intervene at the request of member states; and technical mutual assistance.
The second law (PDF) amends the Union’s cyber resilience through the adoption of certification schemes for managed security services, which play an essential role in preventing, detecting, responding to, and recovering from cyberattacks.
Advertisement. Scroll to continue reading.
“These services can consist of, for example, incident handling, penetration testing, security audits, and consulting related to technical support,” the Council said.
By amending the CSA, the council aims to increase the quality of managed security services, foster the emergence of trusted providers, and prevent market fragmentation in the context of some member states developing their own national certification schemes.
With the presidents of the Council and the European Parliament having signed them, the two laws are expected to be published in the EU’s official journal and will be enforced 20 days after their publication.
Related: Canada Orders TikTok’s Canadian Business to Be Dissolved but Won’t Block App
Related: House Will Try Again on Reauthorization of US Spy Program After Republican Upheaval
Related: Looking at Security Challenges Through the Lens of Different Roles
Related: European Legislation and the American Tech Industry