Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres - Progress report - Main contents

Document date	23-11-2018
Publication date	24-11-2018
Reference	14368/18
From	Presidency
External link	original article
Original document in PDF

Council of the European Union Brussels, 23 November 2018 (OR. en)

14368/18

Interinstitutional File: 2018/0328(COD) i

CYBER 283 TELECOM 411 CODEC 2031 COPEN 398 COPS 438 COSI 287 CSC 325 CSCI 150 IND 352 JAI 1148 RECH 495 ESPACE 65

NOTE

From: Presidency

To: Permanent Representatives Committee/Council

No. prev. doc.: 14141/18

Subject: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of

National Coordination Centres - Progress report

The Presidency prepared a progress report on the proposal for a Regulation of the European

Parliament and of the Council establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres with the aim of taking stock of the progress made on this file.

The progress report was discussed at the meeting of the Horizontal Working Party on Cyber Issues on 14 November 2018. Based on delegations´ comments, a revised version of the report was prepared as set out in Annex.

The Permanent Representatives Committee is invited to agree to submit the progress report to the TTE (Telecom) Council on 4 December 2018.

The Council is invited to take note of the progress report on the proposal to establish a European Cybersecurity Industrial, Technology and Research Competence Centre and a Network of National Coordination Centres.

ANNEX

PROPOSAL FOR A REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ESTABLISHING THE EUROPEAN CYBERSECURITY INDUSTRIAL,

TECHNOLOGY AND RESEARCH COMPETENCE CENTRE AND THE NETWORK OF NATIONAL COORDINATION CENTRES

PROGRESS REPORT

• I. 

  INTRODUCTION

• 1. 

  On 13 September 2017, the Commission adopted a cybersecurity package. 1 The package built upon existing instruments and presented new initiatives to further improve EU cybersecurity.

• 2. 

  Building on the ambitious cybersecurity initiatives announced in 2017, the Commission immediately took preparatory steps towards the creation of a network of cybersecurity

  coordination centres and a new European Cybersecurity Industrial, Technology and Research Competence Centre to invest in stronger and pioneering cybersecurity capabilities and capacities in the EU. 2

• 3. 

  Furthermore, the Commission also conducted a mapping of centres of expertise, to gather input from 665 cybersecurity expertise centres on their know-how, activities, working fields and international cooperation. A mapping survey was launched in January 2018 and inputs submitted by 8 March 2018 were taken into consideration for the mapping report analysis.

• 4. 

  Also, in order to inform future thinking, the Commission launched a pilot phase under

  Horizon 2020 (call no SU-ICT-03-2018) to help bring national centres together into a network to create new momentum in cybersecurity competence and technology development.

1 https://ec.europa.eu/digital-single-market/en/cyber-security

2 2018/0328 (COD) i

• 5. 

  The main aim of the legislative proposal on the European Cybersecurity Industrial,

  Technology and Research Competence Centre and the Network of National Coordination Centres is to set up an effective and efficient structure to pool and share cybersecurity research capacities and outcomes and to deploy innovative cybersecurity solutions, as current capabilities and competences of the EU in this domain are considerable but at the same time very fragmented. It is established on a dual legal basis due to its nature and specific objectives. 3

• 6. 

  The proposal introduces three layers of governance:

  • a) 

    EU level - European Cybersecurity Competence Centre;

  • b) 

    national level - network of National Coordination Centres;

  • c) 

    stakeholder level - Cybersecurity Competence Community.

  The planned governance structure of the European Cybersecurity Competence Centre includes a Governing Board, Executive Director and Industrial and Scientific Advisory Board.

• 7. 

  Funding is to be provided mainly from the Digital Europe and Horizon Europe programmes, with the possibility of co-financing from the industry and voluntary contributions by Member States. In this context, the Cybersecurity Competence Centre, in cooperation with the

  Network of National Coordination Centres, will act as an implementation mechanism for two different EU cybersecurity funding streams under the next Multiannual Financial Framework (Digital Europe programme, Horizon Europe).

3 Article 173(3) and Article 187 TFEU

II. STATE OF PLAY

• 8. 

  The legislative proposal was published by the Commission on 12 September 2018.

  The Horizontal Working Party (HWP) on Cyber Issues started to discuss the proposal on 17 September 2018, with a general presentation by the Commission. The impact assessment was presented at the meeting of the HWP on Cyber Issues on 28 September 2018.

• 9. 

  The text of the draft Regulation was examined at the meetings of the HWP on Cyber Issues on 28 September, 8 October and 30 October 2018.

• 10. 

  The European Council conclusions of 18 October 2018 stated that 'negotiations on all cybersecurity proposals should be concluded before the end of the legislature'. 4

• 11. 

  At the meeting of the HWP on Cyber Issues on 30 October 2018, the Presidency offered

  ENISA, the EDA and ECSO an opportunity to present their views and recommendations on the draft Regulation to ensure that stakeholders concerned by the proposal are involved in the discussion process.

• 12. 

  Following the discussions in the HWP on Cyber Issues, Member States were invited to provide written comments by 8 November 2018. A total of 15 Member States took the opportunity to submit their positions in writing.

• 13. 

  Most delegations support the general objectives of the proposal, in particular as regards the need to retain and develop the cybersecurity technological and industrial capacities necessary to secure the Digital Single Market and increase the competitiveness of the EU’s

  cybersecurity industry, especially by deepening coordination of the Union’s cybersecurity research programmes.

4 European Council conclusions, 18 October 2018

• 14. 

  However, a number of concerns and questions were raised, notably regarding the governance structure, the fact that the programmes Digital Europe and Horizon Europe are currently

  under discussion in different Council configurations (Telecommunications and Competitiveness) and the outcome of the two negotiations is still unknown. Furthermore, Member Sates asked for more clarity on the demarcation line and synergies with existing structures. Requests for further clarification on details of the implementation structures and financing mechanisms were also made.

• 15. 

  Information exchange with the Working Party on Research and the Working Party on

  Telecommunications and Information Society has been established. The chairs of the respective working parties presented the current state of play at the meeting of the HWP on Cyber Issues on 14 November 2018.

• 16. 

  The European Parliament appointed Julia Reda (Greens/EFA) a s rapporteur of the leading

  ITRE Committee. An ITRE draft report will be presented on 7 January 2019. The deadline for

  submitting amendments is 12.00 on 9 January. The vote in ITRE is planned for

  19 February 2019.

• 17. 

  Based on the input delivered by Member States and the discussions in the HWP on

  Cyber Issues meetings mentioned above, the Austrian Presidency and the incoming Romanian

  Presidency will draft a non-paper. It is expected to be published in December 2018.

• 18. 

  Building upon the progress made by the Austrian Presidency, the incoming Romanian

  Presidency plans to continue the work on this important file with a view to reaching a general approach.