Regulation 2013/526 - EU Agency for Network and Information Security (ENISA)

Please note

This page contains a limited version of this dossier in the EU Monitor.

Contents

  1. Current status
  2. Key information
  3. Key dates
  4. Legislative text
  5. Original proposal
  6. Sources and disclaimer
  7. Full version
  8. EU Monitor

1.

Current status

This regulation was in effect from June 19, 2013 until June 26, 2019.

2.

Key information

official title

Regulation (EU) No 526/2013 of the European Parliament and of the Council of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004 Text with EEA relevance
 
Legal instrument Regulation
Number legal act Regulation 2013/526
Original proposal COM(2010)521 EN
CELEX number103 32013R0526

3.

Key dates

Document 21-05-2013
Publication in Official Journal 18-06-2013; Special edition in Croatian: Chapter 13 Volume 066,OJ L 165, 18.6.2013
Effect 19-06-2013; Entry into force Date pub. +1 See Art 37
End of validity 26-06-2019; Repealed by 32019R0881

4.

Legislative text

18.6.2013   

EN

Official Journal of the European Union

L 165/41
 

REGULATION (EU) No 526/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 21 May 2013

concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee (1),

Acting in accordance with the ordinary legislative procedure (2),

Whereas:

 

(1)

Electronic communications, infrastructure and services are essential factors, both directly and indirectly, in economic and societal development. They play a vital role for society and have in themselves become ubiquitous utilities in the same way as electricity or water supplies, and also constitute vital factors in the delivery of electricity, water and other critical services. Communications networks function as social and innovation catalysts, multiplying the impact of technology and shaping consumer behaviours, business models, industries, as well as citizenship and political participation. Their disruption has the potential to cause considerable physical, social and economic damage, underlining the importance of measures to increase protection and resilience aimed at ensuring continuity of critical services. The security of electronic communications, infrastructure and services, in particular their integrity, availability and confidentiality, faces continuously expanding challenges which relate, inter alia, to the individual components of the communications infrastructure and the software controlling those components, the infrastructure overall and the services provided through that infrastructure. This is of increasing concern to society not least because of the possibility of problems due to system complexity, malfunctions, systemic failures, accidents, mistakes and attacks that may have consequences for the electronic and physical infrastructure which delivers services critical to the well-being of European citizens.
 

(2)

The threat landscape is continuously changing and security incidents can undermine the trust that users have in technology, networks and services, thereby affecting their ability to exploit the full potential of the internal market and widespread use of information and communications technologies (ICT).
 

(3)

Regular assessment of the state of network and information security in the Union, based on reliable Union data, as well as systematic forecast of future developments, challenges and threats, both at Union and global level, is therefore important for policy makers, industry and users.
 

(4)

By Decision 2004/97/EC, Euratom (3), adopted at the meeting of the European Council on 13 December 2003, the representatives of the Member States decided that the European Network and Information Security Agency (ENISA), that was to be established on the basis of the proposal submitted by the Commission, would have its seat in a town in Greece to be determined by the Greek Government. Following that Decision, the Greek Government determined that ENISA should have its seat in Heraklion, Crete.
 

(5)

On 1 April 2005, a Headquarters Agreement (‘Seat Agreement’) was concluded between the Agency and the host Member State.
 

(6)

The Agency’s host Member State should ensure the best possible conditions for the smooth and efficient operation of the Agency. It is imperative for the proper and efficient performance of its tasks, for staff recruitment and retention and to enhance the efficiency of networking...


More

This text has been adopted from EUR-Lex.

5.

Original proposal

 

6.

Sources and disclaimer

For further information you may want to consult the following sources that have been used to compile this dossier:

This dossier is compiled each night drawing from aforementioned sources through automated processes. We have invested a great deal in optimising the programming underlying these processes. However, we cannot guarantee the sources we draw our information from nor the resulting dossier are without fault.

 

7.

Full version

This page is also available in a full version containing the summary of legislation, the legal context, de Europese rechtsgrond, other dossiers related to the dossier at hand, the related cases of the European Court of Justice and finally consultations relevant to the dossier at hand.

The full version is available for registered users of the EU Monitor by ANP and PDC Informatie Architectuur.

8.

EU Monitor

The EU Monitor enables its users to keep track of the European process of lawmaking, focusing on the relevant dossiers. It automatically signals developments in your chosen topics of interest. Apologies to unregistered users, we can no longer add new users.This service will discontinue in the near future.

  • 1. 
    Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency (OJ L 77, 13.3.2004, p. 1).

     
  • 2. 
    Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 amending Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency as regards its duration (OJ L 293, 31.10.2008, p. 1).

     
  • 3. 
    The summary report of the results of the Public Consultation
     
  • 4. 
    COM(2009) 149, 30.3.2009.

     
  • 5. 
    Discussion Paper: www.tallinnciip.eu/doc

     
  • 6. 
    Council Resolution of 18 December 2009 on a collaborative approach to Network and Information Security (OJ C 321, 29.12.2009, p. 1),eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2009:321:0001:0004:EN:PDF.

     
  • 7. 
    COM(2010) 245, 19.5.2010.

     
  • 8. 
    See Annex XI of the Impact Assessment

     
  • 9. 
    See Annex IV of the Impact Assessment.

     
  • 10. 
    OJ C 115, 9.5.2008, p. 94.

     
  • 11. 
    ECJ 02.05.2006, C-217/04, United Kingdom of Great Britain and Northern Ireland v European Parliament and Council of the European Union.

     
  • 12. 
    Cf. supra.

     
  • 13. 
    Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 amending Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency as regards its duration (OJ L 293, 31.10.2008, p. 1).

     
  • 14. 
    The ordinary legislative procedure differs in particular in terms of majority requirements in Council and EP.

     
  • 15. 
    OJ C , , p. .

     
  • 16. 
    OJ C , , p. .

     
  • 17. 
    OJ L 77, 13.3.2004, p. 1.

     
  • 18. 
    OJ L 293, 31.10.2008, p. 1

     
  • 19. 
    COM(2006) 251, 31.5.2006.

     
  • 20. 
    Council Resolution of 22 March 2007 on a Strategy for a Secure Information Society in Europe (OJ C 68, 24.3.2007, p. 1).

     
  • 21. 
    COM(2009) 149, 30.3.2009.

     
  • 22. 
    Council Resolution of 18 December 2009 on a collaborative approach to Network and Information Security (OJ C 321, 29.12.2009, p. 1).

     
  • 23. 
    COM(2010)245, 19.5.2010

     
  • 24. 
    OJ L 108, 24.4.2002, p. 33.

     
  • 25. 
    OJ L 201, 31.7.2002, p. 37.

     
  • 26. 
    OJ L 281, 23.11.1995, p. 31.

     
  • 27. 
    OJ L 337, 18.12.2009, p.1.

     
  • 28. 
    OJ L 204, 21.7.1998, p. 37.

     
  • 29. 
    Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

     
  • 30. 
    Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1).

     
  • 31. 
    Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 amending Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency as regards its duration (OJ L 293, 31.10.2008, p. 1).

     
  • 32. 
    The summary report of the results of the Public Consultation
     
  • 33. 
    Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 amending Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency as regards its duration (OJ L 293, 31.10.2008, p. 1).

     
  • 34. 
    OJ L 357, 31.12.2002, p. 72.

     
  • 35. 
    OJ L 317, 3.12.2001, p. 1.

     
  • 36. 
    OJ L 136, 31.5.1999, p. 1.

     
  • 37. 
    OJ L 136, 31.5.1999, p. 15.

     
  • 38. 
    OJ L 248, 16.9.2002, p. 1.

     
  • 39. 
    The summary report of the results of the Public Consultation
     
  • 40. 
    OJ 17, 6.10.1958, p. 385/58. Regulation as last amended by the 1994 Act of Accession.

     
  • 41. 
    ABM: Activity-Based Management
     
  • 42. 
    As referred to in Article 49(6)(a) or (b) of the Financial Regulation.

     
  • 43. 
    Details of management modes and references to the Financial Regulation may be found on the BudgWeb site: www.cc.cec/budg/man/budgmanag/budgmanag_en

     
  • 44. 
    As referred to in Article 185 of the Financial Regulation.

     
  • 45. 
    ec.europa.eu/dgs/information_society/evaluation

     
  • 46. 
    As provided for in Article 25 of the ENISA Regulation. The full text of the document adopted by the ENISA Management Board, which also contains the
     
  • 47. 
    Communication from the Commission to the European Parliament and the Council on the evaluation of the European Network and Information Security Agency (ENISA), COM(2007) 285 final of 1.6.2007: eur-lex.europa.eu/LexUriServ:52007DC0285:EN:NOT.

     
  • 48. 
    -->
     
  • 49. 
    EFTA: European Free Trade Association.

     
  • 50. 
    Candidate countries and, where applicable, potential candidate countries from the Western Balkans.

     
  • 51. 
    See points 19 and 24 of the Interinstitutional Agreement.

     
  • 52. 
    Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency (OJ L 77, 13.3.2004, p.

    1).

     
  • 53. 
    Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 amending Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency as regards its duration (OJ L 293, 31.10.2008, p.

    1).

     
  • 54. 
    The summary report of the results of the Public Consultation
     
  • 55. 
    COM(2009) 149, 30.3.2009.

     
  • 56. 
    Discussion Paper: www.tallinnciip.eu/doc

     
  • 57. 
    Council Resolution of 18 December 2009 on a collaborative approach to Network and Information Security (OJ C 321, 29.12.2009, p.

    1),eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2009:321:0001:0004:EN:PDF.

     
  • 58. 
    COM(2010) 245, 19.5.2010.

     
  • 59. 
    See Annex XI of the Impact Assessment

     
  • 60. 
    See Annex IV of the Impact Assessment.

     
  • 61. 
    OJ C 115, 9.5.2008, p. 94.

     
  • 62. 
    ECJ 02.05.2006, C-217/04, United Kingdom of Great Britain and Northern Ireland v European Parliament and Council of the European Union.

     
  • 63. 
    Cf. supra.

     
  • 64. 
    Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 amending Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency as regards its duration (OJ L 293, 31.10.2008, p.

    1).

     
  • 65. 
    The ordinary legislative procedure differs in particular in terms of majority requirements in Council and EP.

     
  • 66. 
    OJ C , , p. .

     
  • 67. 
    OJ C , , p. .

     
  • 68. 
    OJ L 77, 13.3.2004, p. 1.

     
  • 69. 
    OJ L 293, 31.10.2008, p. 1

     
  • 70. 
    COM(2006) 251, 31.5.2006.

     
  • 71. 
    Council Resolution of 22 March 2007 on a Strategy for a Secure Information Society in Europe (OJ C 68, 24.3.2007, p.

    1).

     
  • 72. 
    COM(2009) 149, 30.3.2009.

     
  • 73. 
    Council Resolution of 18 December 2009 on a collaborative approach to Network and Information Security (OJ C 321, 29.12.2009, p.

    1).

     
  • 74. 
    COM(2010)245, 19.5.2010

     
  • 75. 
    OJ L 108, 24.4.2002, p. 33.

     
  • 76. 
    OJ L 201, 31.7.2002, p. 37.

     
  • 77. 
    OJ L 281, 23.11.1995, p. 31.

     
  • 78. 
    OJ L 337, 18.12.2009, p.1.

     
  • 79. 
    OJ L 204, 21.7.1998, p. 37.

     
  • 80. 
    Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

     
  • 81. 
    Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p.

    1).

     
  • 82. 
    Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 amending Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency as regards its duration (OJ L 293, 31.10.2008, p.

    1).

     
  • 83. 
    The summary report of the results of the Public Consultation
     
  • 84. 
    Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 amending Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency as regards its duration (OJ L 293, 31.10.2008, p.

    1).

     
  • 85. 
    OJ L 357, 31.12.2002, p. 72.

     
  • 86. 
    OJ L 317, 3.12.2001, p. 1.

     
  • 87. 
    OJ L 136, 31.5.1999, p. 1.

     
  • 88. 
    OJ L 136, 31.5.1999, p. 15.

     
  • 89. 
    OJ L 248, 16.9.2002, p. 1.

     
  • 90. 
    The summary report of the results of the Public Consultation
     
  • 91. 
    OJ 17, 6.10.1958, p. 385/58. Regulation as last amended by the 1994 Act of Accession.

     
  • 92. 
    ABM: Activity-Based Management
     
  • 93. 
    As referred to in Article 49(6)(a) or (b) of the Financial Regulation.

     
  • 94. 
    Details of management modes and references to the Financial Regulation may be found on the BudgWeb site: www.cc.cec/budg/man/budgmanag/budgmanag_en

     
  • 95. 
    As referred to in Article 185 of the Financial Regulation.

     
  • 96. 
    ec.europa.eu/dgs/information_society/evaluation

     
  • 97. 
    As provided for in Article 25 of the ENISA Regulation. The full text of the document adopted by the ENISA Management Board, which also contains the
     
  • 98. 
    Communication from the Commission to the European Parliament and the Council on the evaluation of the European Network and Information Security Agency (ENISA), COM(2007) 285 final of 1.6.2007: eur-lex.europa.eu/LexUriServ:52007DC0285:EN:NOT.

     
  • 99. 
    -->
     
  • 100. 
    EFTA: European Free Trade Association.

     
  • 101. 
    Candidate countries and, where applicable, potential candidate countries from the Western Balkans.

     
  • 102. 
    See points 19 and 24 of the Interinstitutional
     
  • 103. 
    Deze databank van de Europese Unie biedt de mogelijkheid de actuele werkzaamheden (workflow) van de Europese instellingen (Europees Parlement, Raad, ESC, Comité van de Regio's, Europese Centrale Bank, Hof van Justitie enz.) te volgen. EURlex volgt alle voorstellen (zoals wetgevende en begrotingsdossiers) en mededelingen van de Commissie, vanaf het moment dat ze aan de Raad of het Europees Parlement worden voorgelegd.
     
  • 104. 
    EUR-lex provides an overview of the proposal, amendments, citations and legality.