Council and European Parliament reach agreement on new mandate for the EU Network and Information Security Agency

Source: Council of the European Union (Council) i, published on Friday, February 1 2013.

COUNCIL OF THE EUROPEAN UNION

Brussels, 1 February 2013

PRESSE 42

Council and European Parliament reach agreement on new mandate for the EU Network and Information Security Agency

The Council and the European Parliament, with the help of the Commission, successfully concluded their negotiations on a new mandate for the European Union Network and mformation Security Agency (ISA). Today, the member states' Permanent Representatives endorsed the compromise reached, thus paving the way for the adoption of the draft regulation at first reading. To enter into force, the text still needs to be formally approved by the Parliament, whose vote in plenary is expected to take place before the summer, and the Council, which is due to take its decision after the vote in Parliament

ISA, whose current mandate will expire on 13 September this year, was set up in 2004 with the goal of ensuring a high level of network and information security across the EU. Since then, the challenges for the security of electronic communications have been continuously expanding, with increasing threats from cyber attacks. Against this background, and also in view of the role ISA is supposed to play in the forthcoming cyber strategy to be presented by the Commission, the new regulation aims to strengthen and modernise the agency so as to enhance its efficiency. To this end, the revised mandate updates the agency's tasks, extending them and specifying them more clearly, including as regards interaction with the EU institutions and bodies and the member states. Moreover, ISA's governing structure will be reinforced and its procedures streamlined

With respect to the main issues of discussion between the Council and Parliament on this draft regulation, the negotiations have delivered the following compromise solutions:

  • ISA's new mandate will cover a period of 7 years, with the possibility to

extend the duration of the mandate of the agency if warranted by an assessment of its work

  • The agency's tasks have been set out in more detail. They will also include support for capability building and, in particular, for the operation of computer emergency response teams. Furthermore, upon request by member states or EU bodies, ISA may provide advice in the event of breach of security or loss of integrity
  • It has been specified that a branch office has been established in Athens for operational business, besides the agency's seat in Heraklion (on the Greek island of Crete)
  • In addition to the management board, an executive board will be established, with a remit limited to the preparation of administrative and budgetary decisions to be taken by the management board
  • Moreover, the draft has been aligned with the common approach to decentralised EU agencies, agreed by the Parliament, the Council and the Commission last July

The proposal for a new regulation was presented by the Commission in October 2010 () and was then discussed within the Council under successive presidencies (latest progress report: ). The negotiations between the Council and the European Parliament were based on the results of these discussions, on the one hand, and on the amendments adopted by the competent committee of the European Parliament in February 2012, on the other