The Commission has just published a little bunch of things on security. As a very simple guide: a “Communication” is about what could happen, a “Report” is about what has happened and the “Regulation” is about changing ENISA. A lot of reading! Too much? But of interest to various WGs, including of course the Cooperation WG and the new IoT community? So: A COMMUNICATION from the Commission to the European Parliament and the Council. Making the most of NIS – towards the effective implementation of Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union https://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-476-F1-EN-MA... https://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-476-F1-EN-AN... A REPORT from the Commission to the European Parliament and the Council assessing the extent to which member states have taken the necessary measures to comply with Directive 2013/40/EU on attacks against information systems and replacing Council Framework Decision 2005/222/JHA https://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-474-F1-EN-MA... A REPORT from the Commission to the European Parliament and the Council on the evaluation of the European Union Agency for Network and Information Security (ENISA) https://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-478-F1-EN-MA... A Proposal for a REGULATION of the European Parliament and of the Council on ENISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (''Cybersecurity Act'') https://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-477-F1-EN-MA... Gordon