The Commission has just published a little bunch of things on security.

As a very simple guide: a “Communication” is about what could happen, a “Report” is about what has happened and the “Regulation” is about changing ENISA.

A lot of reading! Too much? But of interest to various WGs, including of course the Cooperation WG and the new IoT community?

So:

A COMMUNICATION from the Commission to the European Parliament and the Council. Making the most of NIS – towards the effective implementation of Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union 
https://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-476-F1-EN-MAIN-PART-1.PDF
https://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-476-F1-EN-ANNEX-1-PART-1.PDF

A REPORT from the Commission to the European Parliament and the Council assessing the extent to which member states have taken the necessary measures to comply with Directive 2013/40/EU on attacks against information systems and replacing Council Framework Decision 2005/222/JHA
https://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-474-F1-EN-MAIN-PART-1.PDF                           

A REPORT from the Commission to the European Parliament and the Council on the evaluation of the European Union Agency for Network and Information Security (ENISA) 
https://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-478-F1-EN-MAIN-PART-1.PDF

A Proposal for a REGULATION of the European Parliament and of the Council on ENISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (''Cybersecurity Act'') 
https://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-477-F1-EN-MAIN-PART-1.PDF


Gordon