News & Publications

Latest news

  • 11 July 2017 - News

    Security certification and labelling – Inception impact assessment unveiled

    On 7 July, the Commission released an inception impact assessment on a proposal for a Regulation revising ENISA Regulation (No 526/2013) and laying down a European ICT security certification and labelling framework. This inception impact assessment concerns both the review of ENISA’s mandate and the creation of a European ICT security certification framework. A thorough impact assessment is currently being prepared to support the preparation of this initiative.
    As a preliminary statement, the Commission notes that the lack of an EU-wide approach to ICT certification and the proliferation of national initiatives generate significant burdens for ICT vendors, which might need to undergo several certification processes across the Member States. This problem constitutes a barrier to the internal market and undermines cross-border trust. The Commission concludes that greater coordination and cooperation at EU level is essential to respond effectively to cyber risks and reduce certification costs.
    Regarding the review of ENISA’s mandate, the Commission is considering a few options, ranging from non-intervention to the expansion of ENISA's mandate in order to convert ENISA into an EU cybersecurity agency with full operational capabilities.
    Regarding security certification and labelling, the Commission deems that if it does not intervene, the market will keep fragmenting. The Commission laid out different options in order to improve trust in the EU:
    • Option 1: encourage more Member States to support voluntary sector-specific industry-led initiatives and to join the Senior Officials Group – Information Systems Security.
    • Option 2: propose a European institutional framework for ICT certification and labelling through a legislative instrument, without however introducing new ICT security requirements for specific products and services. The European framework would be composed of multiple schemes that, once approved by the Board, become “European” and thus valid across the EU.
    • Option 3: propose the adoption of a new legislative instrument setting out mandatory harmonised requirements and conformity assessment mechanisms to ensure ICT security of specific products and services. ENISA would develop these standards in cooperation with standardisation bodies.
    The Commission is expected to publish the proposal in September 2017.
  • 10 July 2017 - News

    Payment Services Directive (PSD2): Opinion of the European Banking Authority

    The Commission entrusted the European Banking Authority (EBA) with the drafting of regulatory technical standards (RTS) to supplement the provisions of the Payment Services Directive (PSD2). These RTS lay down provisions on strong customer authentication and common and secure communication. On 29 June, the EBA published its opinion on the Commission’s proposed amendments to the draft RTS.
  • 06 July 2017 - News

    IoT labelling and certification in the report on European standards

    During the last plenary week, an own-initiative report on European Standards for the 21st century was adopted by the European Parliament. Own-initiative reports are non-binding texts meant to send a political message. This report underlines that common standards are particularly important for the development of the Internet of Things (IoT), as the fragmentation of standards hinders growth in this sector.
    Through this report, the European Parliament took a stance in favour of security-by-design and privacy-by-design principles in order to adequately face cyberthreats. It also supports the Commission’s project to create an IoT label and certification system. However, the Parliament highlights that IoT labelling and certification should be developed “where relevant and where IoT devices could have an impact on relevant infrastructure on the basis of the requirements spelled out in the NIS Directive”.
    The report will feed into the Commission’s upcoming 2018 work programme, which will be adopted this month.

Latest publications

  • 02 February 2017 - Position papers

    Cybersecurity in Europe

    Towards an Industrial Policy

    Security is a cornerstone when it comes to the protection of data and privacy. Recent cyber-attacks in the US have demonstrated that security by design represents a key objective in politics, for the industry and for citizens. However, for many users convenience is more important than security. This poses a challenge both for policy makers and the Smart Security Industry: combining quick, easy, and fast access to transactions with failsafe security. Trust is crucial for citizens to accept a European digital and mobile economy. The connected society in Europe is also dependent on how secure citizens feel about their digital identity.

    Download the position paper


  • 28 November 2016 - Position papers

    Eurosmart: Internet of Trust, Security and Privacy in the connected world

    Back in November 2009, Eurosmart published a white paper on the Smart M2M module. At that time, the association was anticipating a massive deployment of connected devices in several sectors of the industry, and claimed that our industry had the technologies to solve the security and privacy challenges at hand.

    We can now see that these forecasts are becoming a reality, with more than 3 billion devices already connected and 20 to 30 billion to be connected by 2020. Our position regarding security and privacy has not changed over the years, and the recent cyber-attacks have further increased our will to be even more proactive in the field of IoT security.

    Download and read our position paper


  • 16 November 2015 - Position papers

    The Future Digital Identity Landscape in Europe

    Eurosmart's Cybersecurity & Digital Identity Committee issued a paper entitled "The Future Digital Identity Landscape in Europe".
