Legislative Observatory
European Parliament
Please fill in this field to find a procedure

European Network and Information Security Agency (ENISA): further development

2010/0275(COD)

The Committee on Industry, Research and Energy adopted the report by Giles CHICHESTER (ECR, UK) on the proposal for a regulation of the European Parliament and of the Council concerning the European Network and Information Security Agency (ENISA).

The committee recommends that the European Parliament’s position, adopted at first reading following the ordinary legislative procedures, should be to amend the Commission proposal as follows:

Objectives: Members consider that the Agency should develop and maintain a high level of expertise and assist the Union's institutions, bodies, offices and agencies in:

  • developing policies in network and information security;
  • implementing the policies necessary to meet the legal and regulatory requirements of network and information security in present and future Union legislation, thus contributing to the smooth functioning of the internal market;
  • enhancing and strengthening the capability and preparedness of the Union and of the Member States to prevent, detect and respond to network and information security problems and incidents.

Tasks: the Agency’s tasks have been clarified. It shall:

  • support the development of Union policy and legislation, by: (i) assisting and advising on all matters related to Union network and information security policy and legislation; (ii) providing preparatory work, advice and analyses related to the development and update of Union network and information security policy and legislation; (iii) analysing publicly available network and information security strategies and promoting their publication;
  • assist in strengthening capacities;
  • support voluntary cooperation among competent public bodies, and between public and private stakeholders, including universities and research centres in the Union, and awareness raising;
  • support research, development and standardisation;
  • cooperate with Union institutions, bodies, offices and agencies, including those dealing with cybercrime and the protection of privacy and personal data, to address issues of common concern;
  • contribute to the Union efforts to cooperate with third countries and international organisations, to promote international cooperation on network and
  • information security issues.

Member State bodies and Union institutions, bodies, offices and agencies may request advice from the Agency in case of breach of security or loss of integrity with a significant impact on the operation of networks and services.

Organisation: Members call on the Management Board to adopt the Agency’s annual and strategic multiannual work programme. The Management Board shall adopt an annual report on the Agency's activities and send it, by 1 July of the following year, to the European Parliament, the Council, the Commission and the Court of Auditors. The annual report shall include the accounts and describe how the Agency has met its performance indicators.

The Management Board shall: (i) adopt an anti-fraud strategy, which is proportionate to the fraud risks having regard to cost-benefit of the measures to be implemented; (ii) adopt rules for the prevention and management of conflicts of interest; (ii) exercise with respect to the staff of the Agency, the appointing authority powers conferred by the Staff Regulations on the Appointing Authority and by the Conditions of Employment of Other Servants on the Authority Empowered to Conclude Contract of Employment.

The Staff Regulations of the European Union and the Conditions of Employment of Other Servants of the European Union and the rules adopted by agreement between the institutions of the European Union for giving effect to those Staff Regulations shall apply to the staff of the Agency.

In order to contribute to enhancing effectiveness and efficiency of the operation of the Agency, the Management Board shall establish an Executive Board.

Executive Director: Members seek to clarify the role of the Executive Director who shall be engaged as a temporary agent and appointed by the Management Board from a list of candidates proposed by the Commission, following an open and transparent selection procedure.

Before appointment, the candidate selected by the Management Board shall be invited to make a statement before the competent committee of the European Parliament and to answer questions by its members.

The term of office of the Executive Director shall be five years. By the end of this period, the Commission shall undertake an assessment which takes into account the evaluation of the performance of the Executive Director and the Agency's future tasks and challenges. The term of office of the Executive Director may be extended for no more than five years after obtaining the views of the European Parliament.

The Executive Director shall be responsible for the implementation of the Agency’s budget.

Evaluation and review: no later than 5 years from the day of entry into force of this Regulation, the Commission shall commission an evaluation to assess particularly the impact, effectiveness and efficiency of the Agency and its working practices. The evaluation shall also address the possible need to modify the mandate of the Agency and the financial implications of any such modification.

The text recalls that on 1 April 2005, a Headquarters Agreement was concluded between the Agency and the Host Member State. The Greek Government determined that ENISA should have its seat in Heraklion, Crete. Members call for a branch office to be established in the metropolitan area of Athens in order to improve the operational efficiency of the Agency.