European Network and Information Security Agency (ENISA)
Communication networks and information systems have become ubiquitous utilities and their security is of increasing concern to society. To guarantee users the best possible security, the European Union (EU) has set up a European Network and Information Security Agency (ENISA) to advise the Commission and EU countries, as well as to coordinate the measures they are taking to secure their networks and information systems.
Computing and networking * have become an essential part of the daily lives of European citizens. The exponential development of communication networks and information systems * inevitably raises the question of their security, which has become a subject of growing concern to society.
The growing number of security breaches * has already generated substantial financial damage, undermined user confidence and been detrimental to the development of e-commerce. An attack on key information systems could have major consequences for the provision of services essential for the well-being of European citizens. The proliferation of internet connections and increased networking are making security requirements ever more pressing.
Individuals, public administrations and businesses have reacted by deploying security technologies and security management procedures. However, apart from certain administrative networks, there is no systematic cross-border cooperation on this issue between EU countries.
The European Network and Information Security Agency’s (ENISA) aim is to enhance the capability of the European Union (EU), EU countries and business community to prevent, address and respond to network and information security problems.
In addition, ENISA provides assistance and delivers advice to the Commission and EU countries. It may also be called upon to assist the Commission in the technical preparatory work for updating and developing EU legislation.
Furthermore, ENISA facilitates and enhances cooperation between different actors operating in the public and private sectors in order to achieve a sufficiently high level of security in EU countries.
To achieve the objectives set out above, ENISA:
- collects appropriate information to analyse current and emerging risks, and provides the results to EU countries and the Commission;
- provides advice and, if appropriate, assistance to the European Parliament, the Commission and the competent European and national bodies;
- enhances cooperation between different players in the sector (e.g. through consultations and networking);
- facilitates cooperation between the Commission and EU countries in the development of common methodologies to prevent security problems;
- contributes to awareness raising and the availability of rapid, objective and comprehensive information on network and information security issues for all users (e.g. by promoting exchanges of best practice, including methods of alerting users, and by seeking synergy between the public and private sectors);
- assists the Commission and EU countries in their dialogue with industry to address security-related problems in hardware and software products;
- tracks the development of standards for security products and services and promotes risk assessment and management activities;
- contributes to EU level efforts to cooperate with non-EU countries and international organisations to promote a global approach to security issues;
- gives its own conclusions, guidelines and advice.
- a management board composed of representatives of EU countries and of the Commission, as well as business representatives, academics and consumers with no voting entitlement;
- an executive director appointed by the management board on the basis of a list of candidates proposed by the Commission;
- a permanent stakeholders' group established by the executive director. The group is composed of representatives of information and communication technology businesses, consumers and academic experts. It gives ENISA access to the most recent information available so that it can respond to network security challenges.
Requests to ENISA
Requests for advice and assistance from ENISA are to be addressed to the executive director, accompanied by explanatory background information. The European Parliament, the Commission or any competent body appointed by an EU country (such as a national regulatory authority) may make requests to ENISA.
For ENISA’s advice and opinions to be accepted by individuals, public administrations and businesses, its independence must be guaranteed and recognised. Accordingly, the members of the management board, the executive director and the external experts participating in ad hoc working groups must declare the absence of any interest that might place their independence in question.
ENISA must ensure that the public and any interested parties are given objective, reliable and easily accessible information, in particular with regard to the results of its work. Access to ENISA’s documents is in line with the general conditions of Regulation (EC) No 1049/2001.
Seat and duration
ENISA is based in Heraklion, Greece. It will operate from 14 March 2004 for a period of 9 years and 6 months.
|Act||Entry into force||Deadline for transposition in the Member States||Official Journal|
|Regulation (EC) No 460/2004||
OJ L 77 of 13.3.2004
|Amending act(s)||Entry into force||Deadline for transposition in the Member States||Official Journal|
|Regulation (EC) No 1007/2008||
OJ L 293 of 31.10.2008
|Regulation (EC) No 580/2011||
OJ L 165 of 24.6.2011
- The ENISA website