European Network and Information Security Agency (ENISA): further development

In a public session, the Council took note of the progress report on a draft regulation concerning the European Network and Information Security Agency (ENISA). To recall, the Commission’s proposal aims to strengthen and modernise the ENISA and to establish a new mandate for a period of five years. Its current mandate will expire on 13 September 2013. The Presidency's progress report describes work done on this file during the Polish Presidency. The duration of the agency's mandate is still an outstanding issue; several delegations agree to a mandate which is limited in time (including a mandate longer than the period of five years proposed by the Commission) whereas several others support an indefinite mandate. At this stage, no compromise proposal has been put forward in relation to this issue.

The Polish Presidency proposed new tasks for the agency, in particular to support and promote voluntary cooperation between Computer Security Incident Response Teams/Computer Emergency Response Teams. Furthermore, the ENISA should support the Member States, at their request, and the Union's institutions to organise awareness raising and other outreach activities to increase network and information security and its visibility. On international cooperation, the ENISA should contribute to the Union's efforts to cooperate with third countries and international organisations, for instance by supporting cooperation with the relevant organisations e.g. CSIRTs/CERTs and promoting involvement in international network and information security exercises. These Presidency compromise proposals on the tasks were acceptable in principle to delegations.

The European Parliament is expected to conclude its first reading on this proposal in the early part of 2012.