The European Parliament and EU member states have reached a provisional agreement on a new law aimed at strengthening the EU’s capacities to detect, prepare for, and respond to cyber-security threats and incidents.

It also beefs up co-operation mechanisms among EU countries.

The European Commission, which proposed the Cyber Solidarity Act last year, welcomed the deal.

The measures include the establishment of a ‘cyber-security alert system’ comprising national and cross-border cyber-hubs, which is aimed at detecting major threats quickly and effectively.

Emergency mechanism

The new regulation also provides for the creation of a cyber-security emergency mechanism to increase preparedness and enhance incident-response capabilities in the EU.

It will support:

• Preparedness actions – including testing entities in highly critical sectors such as healthcare, transport, and energy, for potential vulnerabilities,
• A new EU cyber-security reserve consisting of incident-response services from the private sector ready to intervene at the request of a member state or EU institutions, bodies, and agencies, and
• Mutual assistance in financial terms.

There will also be an evaluation and review mechanism to assess the effectiveness of the actions under the cyber-emergency mechanism and the use of the cyber-security reserve.

Certification schemes

MEPs and the EU Council also agreed on a targeted amendment to 2019 legislation on cyber-security that would enable the future adoption of European certification schemes for managed-security services provided by specialised companies.

This is aimed at increasing the quality and comparability of such cyber-security providers.

The agreement reached yesterday (5 March) is now subject to formal approval by the European Parliament and the Council.

Thierry Breton (Commissioner for Internal Market) described the deal as “a crucial step to establish a European cyber-shield”.