{"id":7277,"date":"2024-10-04T08:15:43","date_gmt":"2024-10-04T08:15:43","guid":{"rendered":"https:\/\/haavind.stage01.dekodes.no\/techinsight-new\/?post_type=tech-insight&#038;p=7277"},"modified":"2024-10-16T10:04:30","modified_gmt":"2024-10-16T10:04:30","slug":"cybersecurity-regulation","status":"publish","type":"tech-insight","link":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/","title":{"rendered":"Cybersecurity Regulation"},"content":{"rendered":"\t<div class=\"template-tech-insight alignwide has-media wp-block-dekode-hero\">\n\t\t<div class=\"hero__inner\">\n\t\t\t<div class=\"hero__inner_blocks\">\n\t\t\t\t\n<h1 class=\"wp-block-post-title\">Cybersecurity Regulation<\/h1>\n\n<p class=\"t2-ingress wp-block-t2-ingress\"><em>Regulation (2019\/881) on ENISA and on ICT cybersecurity certification<\/em><\/p>\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<div class=\"hero__image\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"460\" height=\"352\" src=\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/Cybersecurity-Regulation-460x352-1.jpg\" class=\"attachment-ultra size-ultra\" alt=\"\" srcset=\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/Cybersecurity-Regulation-460x352-1.jpg 460w, https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/Cybersecurity-Regulation-460x352-1-300x230.jpg 300w\" sizes=\"(max-width: 460px) 100vw, 460px\" \/>\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\n\n<div class=\"haavind-tech-info alignleft wp-block-haavind-tech-info\">\n\t\t\t<div class=\"haavind-tech-info__categories\">\n\t\t\t\t<h4>Category<\/h4>\n\t\t\t\t\n\t\t\t<div class=\"t2-post-dynamic-part is-source-term term-tech-insight-category haavind-tech-meta__category wp-block-t2-post-dynamic-part\"><a href=\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/cybersecurity\/\" class=\"t2-post-dynamic-part__term\" rel=\"tag\">Cybersecurity<\/a><\/div>\n\t\t\t<\/div>\n<div class=\"haavind-tech-info__blocks\">\n<h3 class=\"wp-block-heading\" id=\"h-status\">Status<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-eu\"><strong>EU<\/strong><\/h4>\n\n\n\n<p>Date of application 27 June 2019.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-eea\"><strong>EEA<\/strong><\/h4>\n\n\n\n<p>Deadline for implementation was 1 April 2024.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-norway\"><strong>Norway<\/strong><\/h4>\n\n\n\n<p>The Regulation will be implemented as an administrative regulation to the Norwegian Digital Security Act\u00a0.<\/p>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-scope\">Scope<\/h2>\n\n\n\n<p>The regulation primarily imposes obligations on the respective EEA Member States, requiring them to adopt a national strategy on the security of network and information systems. While it does not directly mandate requirements for individual enterprises and public bodies, it requires member states to set national frameworks that enterprises must follow (and benefit from).<br><br>The regulation also sets out the role of ENISA (the European Union Agency for Cybersecurity) in facilitating a coordinated response to large-scale cybersecurity incidents and attacks across the EU.<br><br>A significant component of the regulation is the establishment of a European framework for ICT cybersecurity certification, providing a harmonized set of standards for ICT products, services, and processes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-relevance\">Relevance<\/h2>\n\n\n\n<p>The introduction of a European cybersecurity certification framework under this Regulation marks a significant step towards harmonizing the cybersecurity certification processes across the EU, potentially influencing global cybersecurity practices.<br><br>For Norway, the certification framework will expand the scope of certification reflected in todays&#8217; SERTIT scheme to include services and processes. Effective implementation will require additional resources for the national cybersecurity certification authority to handle complaints, declarations, and oversight of certification bodies. The inclusion of commercial certification bodies may increase costs for Norwegian companies that previously relied on the free certification services of SERTIT.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-key-obligations\">Key obligations<\/h2>\n\n\n\n<p>The regulation sets out the tasks of ENISA, including in light of policy development and legislation, enhancing cybersecurity capabilities in the EU, ensuring cooperation between member states, developing cybersecurity standards and certifications. ENISA shall also acts as an EU hub for network and information security, promoting best practices and initiatives across the EU, provide guidance and best practices for the security of critical infrastructure and digital service providers and create reports after significant incidents to guide organizations and citizens.<br><br>The regulation further introduces a comprehensive framework for the cybersecurity certification of ICT products, services, and processes, to be proposed by ENISA and adopted by the European Commission through implementing acts. Initially, the certification is voluntary, but the European Commission will periodically review the effectiveness and uptake of certification schemes. It may propose mandatory implementation in specific sectors covered by the NIS 2 Directive if needed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Deadline for implementation in the EEA (Regulation 2019\/881)<\/p>\n","protected":false},"featured_media":7668,"menu_order":0,"template":"","meta":{"tech-insight-date":"2024-08-01T10:12:32","footnotes":""},"tech-insight-category":[92],"tech-insight-jurisdiction":[83,84],"tech-insight-status":[86,87,97],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.2 (Yoast SEO v24.2) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cybersecurity Regulation - Haavind Tech Insight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybersecurity Regulation\" \/>\n<meta property=\"og:description\" content=\"Deadline for implementation in the EEA (Regulation 2019\/881)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/\" \/>\n<meta property=\"og:site_name\" content=\"Haavind Tech Insight\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-16T10:04:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/Cybersecurity-Regulation-460x352-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"460\" \/>\n\t<meta property=\"og:image:height\" content=\"352\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/\",\"url\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/\",\"name\":\"Cybersecurity Regulation - Haavind Tech Insight\",\"isPartOf\":{\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/Cybersecurity-Regulation-460x352-1.jpg\",\"datePublished\":\"2024-10-04T08:15:43+00:00\",\"dateModified\":\"2024-10-16T10:04:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/#primaryimage\",\"url\":\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/Cybersecurity-Regulation-460x352-1.jpg\",\"contentUrl\":\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/Cybersecurity-Regulation-460x352-1.jpg\",\"width\":460,\"height\":352,\"caption\":\"Abstract shiny dark blue wavy dotted line particle technology background\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Regulation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/#website\",\"url\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/\",\"name\":\"Haavind Tech Insight\",\"description\":\"Stay ahead with our digital roadmap of EU Tech regulations\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Cybersecurity Regulation - Haavind Tech Insight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/","og_locale":"en_US","og_type":"article","og_title":"Cybersecurity Regulation","og_description":"Deadline for implementation in the EEA (Regulation 2019\/881)","og_url":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/","og_site_name":"Haavind Tech Insight","article_modified_time":"2024-10-16T10:04:30+00:00","og_image":[{"width":460,"height":352,"url":"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/Cybersecurity-Regulation-460x352-1.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/","url":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/","name":"Cybersecurity Regulation - Haavind Tech Insight","isPartOf":{"@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/#website"},"primaryImageOfPage":{"@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/#primaryimage"},"image":{"@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/#primaryimage"},"thumbnailUrl":"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/Cybersecurity-Regulation-460x352-1.jpg","datePublished":"2024-10-04T08:15:43+00:00","dateModified":"2024-10-16T10:04:30+00:00","breadcrumb":{"@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/#primaryimage","url":"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/Cybersecurity-Regulation-460x352-1.jpg","contentUrl":"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/Cybersecurity-Regulation-460x352-1.jpg","width":460,"height":352,"caption":"Abstract shiny dark blue wavy dotted line particle technology background"},{"@type":"BreadcrumbList","@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/cybersecurity-regulation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Regulation"}]},{"@type":"WebSite","@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/#website","url":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/","name":"Haavind Tech Insight","description":"Stay ahead with our digital roadmap of EU Tech regulations","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight\/7277"}],"collection":[{"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight"}],"about":[{"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/types\/tech-insight"}],"version-history":[{"count":5,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight\/7277\/revisions"}],"predecessor-version":[{"id":7772,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight\/7277\/revisions\/7772"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/media\/7668"}],"wp:attachment":[{"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/media?parent=7277"}],"wp:term":[{"taxonomy":"tech-insight-category","embeddable":true,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight-category?post=7277"},{"taxonomy":"tech-insight-jurisdiction","embeddable":true,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight-jurisdiction?post=7277"},{"taxonomy":"tech-insight-status","embeddable":true,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight-status?post=7277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}