83 Amendments of Theresa GRIFFIN related to 2018/0328(COD)
Amendment 115 #
Proposal for a regulation
Recital 1 a (new)
Recital 1 a (new)
(1a) Cybercrime is a fast growing threat to the Union, its citizens and its economy. In 2017, 80 % of the European companies have experienced at least one cyber incident. The Wannacry-attack in May 2017 affected more than 150 countries and 230 000IT-systems and had significant impacts on critical infrastructures such as hospitals. This underlines the necessity for the highest cybersecurity standards and holistic cybersecurity solutions, involving people, products, processes and technology in the Union, as well as for European leadership in the matter, and for Digital autonomy.
Amendment 116 #
Proposal for a regulation
Recital 1 b (new)
Recital 1 b (new)
(1b) This regulation contributes to the protection of the environment through the protection of environment-relevant infrastructures and networks such as nuclear infrastructures.
Amendment 117 #
Proposal for a regulation
Recital 1 c (new)
Recital 1 c (new)
(1c) This regulation contributes to the achievement of the Sustainable Development Goals, in particular to the goal “Industry, innovation and infrastructure”.
Amendment 118 #
Proposal for a regulation
Recital 1 d (new)
Recital 1 d (new)
(1d) The Competence Centre and the Cybersecurity Competence Community should, in order to foster European competitiveness and highest cybersecurity standards internationally, seek the exchange on cybersecurity solutions, products and standards with the international community.
Amendment 120 #
Proposal for a regulation
Recital 6
Recital 6
(6) A wealth of expertise and experience in cybersecurity research, technology and industrial development exists in the Union but the efforts of industrial and research communities are fragmented, lacking alignment and a common mission, which hinders competitiveness and effective protection of critical data, networks and systems in this domain. These efforts and expertise need to be pooled, networked and used in an efficient manner to reinforce and complement existing research, technology, skills and industrial capacities at Union and national levels.
Amendment 121 #
Proposal for a regulation
Recital 6 a (new)
Recital 6 a (new)
Amendment 127 #
Proposal for a regulation
Recital 12
Recital 12
(12) National Coordination Centres should be selected by Member States and approved by the Competence Centre. In addition to the necessary administrative capacity, Centres should either possess or have direct access to cybersecurity technological expertise in cybersecurity, notably in domains such as cryptography, ICT security services, intrusion detection, system security, network security, software and application security, or human and socie, societal and environmental aspects of security and privacy. They should also have the capacity to effectively engage and coordinate with the industry, the public sector, including authorities designated pursuant to the Directive (EU) 2016/1148 of the European Parliament and of the Council23 , and the research community in order to establish a continuous public- private dialogue on cybersecurity. _________________ 23 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).
Amendment 129 #
Proposal for a regulation
Recital 14
Recital 14
(14) Emerging technologies such as artificial intelligence, Internet of Things, high-performance computing (HPC) and quantum computing, blockchain and concepts such as secure digital identities create at the same time new challenges for cybersecurity as well as offer solutions. Additional challenges exist in the form of algorithmic bias, particularly in social media. Assessing and validating the robustness of existing or future ICT systems will require testing security solutions against attacks run on HPC and quantum machines. The Competence Centre, the Network and the Cybersecurity Competence Community should help advance and disseminate the latest cybersecurity solutions and assist with the attribution of cyber attacks, where they take place. At the same time the Competence Centre and the Network should be at the service of developers and operators in critical sectors such as transport, energy, health, financial, government, telecom, manufacturing, defence, and space to help them solve their cybersecurity challenges.
Amendment 135 #
Proposal for a regulation
Recital 14 a (new)
Recital 14 a (new)
(14a) Due to the fast changing nature of cyber threats and cybersecurity, the Union needs to be able to adapt fast and continuously to new developments in the field. Hence, the Competence Centre, the Cybersecurity Competence Network and the Cybersecurity Competence Community should be flexible enough to ensure the required reactivity. They should facilitate solutions that help entities to be able to constantly build capability to enhance their and the Union’s resilience.
Amendment 137 #
Proposal for a regulation
Recital 15
Recital 15
(15) The Competence Centre should have several key functions. First, the Competence Centre should facilitate and help coordinate the work of the European Cybersecurity Competence Network and nurture the Cybersecurity Competence Community. The Centre should drive the cybersecurity technological agenda and pool, share and facilitate access to the expertise gathered in the Network and the Cybersecurity Competence Community, and to cybersecurity infrastructure. Secondly, it should implement relevant parts of Digital Europe and Horizon Europe programmes by allocating grants, typically following a competitive call for proposals. Thirdly, the Competence Centre should facilitate joint investment by the Union, Member States and/or industr, training opportunities and awareness raising programmes in line with the Digital Europe Programme for citizens and businesses to overcome the skill gap by the Union, Member States and/or industry. It should pay special attention to the enabling of SMEs in the area of cybersecurity.
Amendment 141 #
Proposal for a regulation
Recital 16
Recital 16
(16) The Competence Centre should stimulate and support the long-term strategic cooperation and coordination of the activities of the Cybersecurity Competence Community, which would involve a large, open, interdisciplinary and diverse group of European actors involved in cybersecurity technology. That Community should include in particular research entities, supply-side industries, and demand -side industries including SMEs, and the public sector. The Cybersecurity Competence Community should provide input to the activities and work plan of the Competence Centre and it should also benefit from the community- building activities of the Competence Centre and the Network, but otherwise should not be privileged with regard to calls for proposals or calls for tender.
Amendment 144 #
Proposal for a regulation
Recital 17
Recital 17
(17) In order to respond to the needs of the public sector and both demand and supply side industries, the Competence Centre’s task to provide cybersecurity knowledge and technical assistance to the public sector and industries should refer to both ICT products and services and all other industrial and technological products and solutions in which cybersecurity is to be embedded.
Amendment 150 #
Proposal for a regulation
Recital 20
Recital 20
(20) Appropriate provisions should be made to guarantee the liability and transparency of the Competence Centre and those undertakings receiving funding.
Amendment 155 #
Proposal for a regulation
Recital 21 a (new)
Recital 21 a (new)
Amendment 159 #
Proposal for a regulation
Recital 25
Recital 25
(25) In order for the Competence Centre to function properly and effectively, the Commission and the Member States should ensure that persons to be appointed to the Governing Board have appropriate professional expertise and experience in functional areas and that gender balance is ensured. The Commission and the Member States should also make efforts to limit the turnover of their respective Representatives on the Governing Board in order to ensure continuity in its work.
Amendment 160 #
Proposal for a regulation
Recital 25
Recital 25
(25) In order for the Competence Centre to function properly and effectively, the Commission and the Member States should ensure that persons to be appointed to the Governing Board have appropriate professional expertise and experience in functional areas and is gender balanced. The Commission and the Member States should also make efforts to limit the turnover of their respective Representatives on the Governing Board in order to ensure continuity in its work.
Amendment 162 #
Proposal for a regulation
Recital 26
Recital 26
(26) The smooth functioning of the Competence Centre requires that its Executive Director be appointed onin a transparent manner on the grounds of merit and documented administrative and managerial skills, as well as competence and experience relevant for cybersecurity, and that the duties of the Executive Director be carried out with complete independence.
Amendment 163 #
Proposal for a regulation
Recital 27
Recital 27
(27) The Competence Centre should have an Industrial and Scientific Advisory Board as an advisory body to ensure regular dialogue with the private sectorand public sector, including SMEs, consumers’ organisations and other relevant stakeholders from all parts of the Union. The Industrial and Scientific Advisory Board should focus on issues relevant to stakeholders and bring them to the attention of the Competence Centre’s Governing Board. The composition of the Industrial and Scientific Advisory Board and the tasks assigned to it, such as being consulted regarding the work plan, should ensure sufficient representation of the above-mentioned stakeholder groups in the work of the Competence Centre.
Amendment 164 #
Proposal for a regulation
Recital 27
Recital 27
(27) The Competence Centre should have an Industrial and Scientific Advisory Board as an advisory body to ensure regular and appropriately transparent dialogue with the private sector, consumers’ organisations and other relevant stakeholders. The Industrial and Scientific Advisory Board should focus on issues relevant to stakeholders and bring them to the attention of the Competence Centre’s Governing Board. The composition of the Industrial and Scientific Advisory Board and the tasks assigned to it, such as being consulted regarding the work plan, should ensure sufficient representation of stakeholders in the work of the Competence Centre.
Amendment 165 #
Proposal for a regulation
Recital 28
Recital 28
(28) The Competence Centre and its activities should benefit from the particular expertise and the broad and relevant stakeholders’ representation built through the contractual public-private partnership on cybersecurity during the duration of Horizon2020, through its Industrial and Scientific Advisory Board. and the pilot projects under Horizon2020 on the Cybersecurity Competence Network, through its Industrial and Scientific Advisory Board. The Competence Centre and Industrial and Scientific Advisory Board should, if appropriate, consider replications of existing structures, for example as working groups.
Amendment 167 #
Proposal for a regulation
Recital 34
Recital 34
(34) Since tThe objectives of this Regulation, namely the development of European leadership in cybersecurity through retaining and developing Union’s cybersecurity technological and industrial capacities, increasing the competitiveness of the Union’s cybersecurity industry and turning cybersecurity into a competitive advantage of other Union industries, cannot be sufficiently achieved by the Member States due the fact that existing, limited resources are dispersed as well as due to the scale of the investment necessary, but can rather by reason of avoiding unnecessary duplication of these efforts, helping to achieve critical mass of investment and ensuring that public financing is used in an optimal way be better achieved at Union level. In addition, only actions on the European level can ensure the highest level of cybersecurity in all Member States and thus close security gaps existing in some Member States that create security gaps for the whole Union. Hence, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.
Amendment 173 #
Proposal for a regulation
Article 1 – paragraph 4
Article 1 – paragraph 4
4. The Competence Centre shall not have a legal personality. In each Member State, it shall enjoy the most extensive legal capacity accorded to legal persons under the laws of that Member State. It may, in particular, acquire or dispose of movable and immovable property and may be a party to legal proceedingst shall be a Task Force set up by the Commission, including by providing appropriate staff for the activities of the Competence Centre as laid down by the present Regulation.
Amendment 174 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1
Article 2 – paragraph 1 – point 1
(1) ‘cybersecurity’ means theall activities necessary to protection of network and information systems, their users, and otheraffected persons againstfrom cyber threats;
Amendment 176 #
Proposal for a regulation
Article 2 – paragraph 1 – point 2
Article 2 – paragraph 1 – point 2
(2) ‘cybersecurity products and solutions’ means ICT products, services or processes with the specific purpose of protecting data, network and information systems, their users and affected persons from cyber threats;
Amendment 178 #
Proposal for a regulation
Article 2 – paragraph 1 – point 4
Article 2 – paragraph 1 – point 4
Amendment 181 #
Proposal for a regulation
Article 3 – paragraph 1 – point a
Article 3 – paragraph 1 – point a
(a) retain and develop the cybersecurity technological and industrial capacities and expertise necessary to secure and further the protection of data of European citizens and companies, critical infrastructures for the functioning of society such as transport systems, health systems, banking, and its Digital Single Market;
Amendment 182 #
Proposal for a regulation
Article 3 – paragraph 1 – point b a (new)
Article 3 – paragraph 1 – point b a (new)
(ba) develop European leadership in cybersecurity and ensure the highest cybersecurity standards throughout the Union reinforcing its Digital autonomy;
Amendment 183 #
Proposal for a regulation
Article 3 – paragraph 1 – point b b (new)
Article 3 – paragraph 1 – point b b (new)
(bb) reinforce the trust of citizens, consumers and businesses in the digital world, and therefore contributing to the goals of the Digital Single Market Strategy;
Amendment 184 #
Proposal for a regulation
Article 3 – paragraph 1 – point b c (new)
Article 3 – paragraph 1 – point b c (new)
(bc) increase the uptake of cybersecurity products and solutions developed within the Union;
Amendment 185 #
Proposal for a regulation
Article 3 – paragraph 1 – point b d (new)
Article 3 – paragraph 1 – point b d (new)
(bd) raise awareness on cybersecurity and reduce the skill gap in cybersecurity in the Union
Amendment 194 #
Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point a
Article 4 – paragraph 1 – point 3 – point a
(a) having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services , acquiring, upgrading, operating and making available such infrastructures and related services to a wide range of users across the Union from industry, including particular SMEs, the public sector and the research and scientific community;
Amendment 196 #
Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point b
Article 4 – paragraph 1 – point 3 – point b
(b) having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services, providing support to other entities, including financially, to acquiring, sharing, upgrading, operating and making available such infrastructures and related services to a wide range of users across the Union from industry, including particular SMEs, the public sector and the research and scientific community;
Amendment 197 #
Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c
Article 4 – paragraph 1 – point 3 – point c
(c) providing cybersecurity knowledge and technical assistance to industry, research institutions and public authorities, in particular by supporting actions aimed at facilitating access to the expertise available in the Network and the Cybersecurity Competence Community;
Amendment 202 #
Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c b (new)
Article 4 – paragraph 1 – point 3 – point c b (new)
(cb) bringing together stakeholders from industry, trade unions, academia, research organisations and public entities to ensure long-term cooperation on developing and implementing cybersecurity products and solutions, including pooling and sharing of resources and information regarding such products and solutions if appropriate;
Amendment 204 #
Proposal for a regulation
Article 4 – paragraph 1 – point 4 – introductory part
Article 4 – paragraph 1 – point 4 – introductory part
4. contribute to the wide deployment of state-of-the-art cyber security products and solutions across the economy, by carrying out the following tasks in accordance with the principles of equal treatment and no discrimination and the requirements of Directive 2014/24/EU:
Amendment 208 #
Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point a
Article 4 – paragraph 1 – point 4 – point a
(a) stimulating cybersecurity research, development and the uptake of Union cybersecurity products and solutions by public authorities and user industries; in the Union;
Amendment 212 #
Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point c
Article 4 – paragraph 1 – point 4 – point c
(c) supporting in particular public authorities in organising their public procurement, or carrywhen explicitly requested, supporting public authorities in providing guidance on public procurement procedures, including outfor procurement of state-of-the-art cybersecurity products and solutions on behalf of public authorities;
Amendment 213 #
Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point d
Article 4 – paragraph 1 – point 4 – point d
(d) providing financial support and technical assistance to cybersecurity start- ups and SMEs to connect to potential markets and to attract investment, enhance expertise on cybersecurity in these companies and to attract investment to be able to implement cybersecurity products and solutions and/or to become competitive players in the field;
Amendment 215 #
Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a
Article 4 – paragraph 1 – point 5 – point a
(a) supporting further development, pooling and sharing of cybersecurity skills and competences, where appropriate together with relevant EU agencies and bodies including ENISA and supporting the objective on advanced digital skills of the Digital Europe Programme where appropriate.
Amendment 216 #
Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a
Article 4 – paragraph 1 – point 5 – point a
(a) supporting further development of cybersecurity skills at all educational levels, where appropriate together with relevant EU agencies and bodies including ENISA.
Amendment 220 #
Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a a (new)
Article 4 – paragraph 1 – point 5 – point a a (new)
(aa) Supporting initiatives designed to develop cyber talent across the EU, with a focus on developing gender balanced cyber skills in primary, secondary and tertiary education.
Amendment 226 #
Proposal for a regulation
Article 4 – paragraph 1 – point 7 – point c
Article 4 – paragraph 1 – point 7 – point c
(c) bringing together stakeholders, to foster synergies between civil and defence cyber security research and markets, development of cybersecurity products and solutions, and markets; in line with the Union goals as laid out by Common Foreign and Security Policy and the Permanent Structured Cooperation;
Amendment 229 #
8a. provide special support to SMEs by facilitating their access to knowledge and training through tailored access to the deliverables of the Competences Centres in order to allow them to secure themselves sufficiently and to allow those who are active in cybersecurity to become more competitive and to contribute thereby to the European leadership in the field.
Amendment 236 #
Proposal for a regulation
Article 6 – paragraph 4
Article 6 – paragraph 4
4. The nominated National Coordination Centre shall have the capability to support the Competence Centre and the Network in fulfilling their mission laid out in Article 3 of this Regulation. They shall possess or have direct access to technological expertise in cybersecurity and be in a position to effectively engage and coordinate with industry, the public sector and, the research community and citizens.
Amendment 242 #
Proposal for a regulation
Article 7 – paragraph 1 – point b a (new)
Article 7 – paragraph 1 – point b a (new)
Amendment 244 #
Proposal for a regulation
Article 7 – paragraph 1 – point c a (new)
Article 7 – paragraph 1 – point c a (new)
(ca) cooperating closely with National Standardisation Organisations to ensure the uptake of existing standards and to involve all relevant stakeholders, particularly SMEs, in setting new standards.
Amendment 245 #
Proposal for a regulation
Article 7 – paragraph 1 – point e
Article 7 – paragraph 1 – point e
(e) seeking to establish synergies with relevant activities at the national and, regional and local level;
Amendment 253 #
Proposal for a regulation
Article 8 – paragraph 2
Article 8 – paragraph 2
2. The Cybersecurity Competence Community shall consist of industry, academic and non-profit research organisations, and associations as well as public entities and other entities dealing with operational and technical matters. It shall bring together the main stakeholders with regard to cybersecurity technological and industrial capacities in the Union. It shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise..
Amendment 255 #
Proposal for a regulation
Article 8 – paragraph 3 – introductory part
Article 8 – paragraph 3 – introductory part
3. Only entities which are established within the Union may be accredited as members of the Cybersecurity Competence Community. Entities established in the Union but controlled by third country entities shall be eligible provided the Union has signed an agreement on cybersecurity cooperation. They shall demonstrate that they have cybersecurity expertise with regard to at least one of the following domains:
Amendment 257 #
Proposal for a regulation
Article 8 – paragraph 3 – introductory part
Article 8 – paragraph 3 – introductory part
3. Only eEntities which are established within the Union may be accredited as members of the Cybersecurity Competence Community. They shall demonstrate that they have cybersecurity expertise in one or more EU Member States with regard to at least one of the following domains:
Amendment 258 #
Proposal for a regulation
Article 8 – paragraph 3 – point b
Article 8 – paragraph 3 – point b
(b) industrial or product development;
Amendment 259 #
Proposal for a regulation
Article 8 – paragraph 3 – point c a (new)
Article 8 – paragraph 3 – point c a (new)
(ca) information security operations;
Amendment 260 #
Proposal for a regulation
Article 8 – paragraph 3 – point c b (new)
Article 8 – paragraph 3 – point c b (new)
(cb) scientific or technical partnerships or cooperation with academic and/ or public authorities as defined under Article 2 (3).
Amendment 261 #
Proposal for a regulation
Article 8 – paragraph 4
Article 8 – paragraph 4
4. The Competence Centre shall accredit entities established under national law as members of the Cybersecurity Competence Community after an assessment made by the National Coordination Centre of the Member State where the entity is established,based on an assessment on whether thatan entity meets the criteria provided for in paragraph 3. An accreditation shall not be limited in time but may be revoked by the Competence Centre at any time if it or the relevant National Coordination Centre considers thatif the entity does notstops fulfilling the criteria set out in paragraph 3 or it falls under the relevant provisions set out in Article 136 of Regulation XXX [new financial regulation].
Amendment 263 #
Proposal for a regulation
Article 8 – paragraph 4
Article 8 – paragraph 4
4. The Competence Centre shall accredit entities established under national law as members of the Cybersecurity Competence Community after an harmonised assessment made by the National Coordination Centre of the Member State and the Competence Centre where the entity is established, on whether that entity meets the criteria provided for in paragraph 3. An accreditation shall not be limited in time but may be revoked by the Competence Centre at any time if it or the relevant National Coordination Centre considers that the entity does not fulfil the criteria set out in paragraph 3 or it falls under the relevant provisions set out in Article 136 of Regulation XXX [new financial regulation].
Amendment 268 #
Proposal for a regulation
Article 9 – paragraph 1 – point 5 a (new)
Article 9 – paragraph 1 – point 5 a (new)
(5a) encourage Community members that are manufacturers and service providers to certify their products and services under certification schemes adopted under the Cybersecurity Act.
Amendment 272 #
Proposal for a regulation
Article 10 – paragraph 2 a (new)
Article 10 – paragraph 2 a (new)
2a. The Competence Centre shall in particular contribute to the work of ENISA with regard to the implementation of Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union and to the Regulation (EU) 2018/XXX of the European Parliament and of the Council of YYY on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (‘‘Cybersecurity Act’’).
Amendment 273 #
Proposal for a regulation
Article 11 – paragraph 2 – point b
Article 11 – paragraph 2 – point b
(b) anthe Executive Director who shall exercise the tasks set out in Article 16of ENISA, the EU Cybersecurity Agency;
Amendment 276 #
Proposal for a regulation
Article 12 – paragraph 1
Article 12 – paragraph 1
1. The Governing Board shall be composed of one representative of each Member State, and five representatives of the Commission, on behalf of the Unionby the Members of the Management Board of ENISA, the EU Cybersecurity Agency.
Amendment 279 #
Proposal for a regulation
Article 12 – paragraph 3
Article 12 – paragraph 3
Amendment 281 #
Proposal for a regulation
Article 12 – paragraph 3
Article 12 – paragraph 3
3. Members of the Governing Board and their alternates shall be appointed in light of their knowledge in the field of technology as well as of relevant managerial, administrative and budgetary skills. The Commission and the Member States shall make efforts to limit the turnover of their representatives in the Governing Board, in order to ensure continuity of the Board’s work. The Commission and the Member States shall aim to achievensure a balanced representation between men and women on the Governing Board.
Amendment 282 #
Proposal for a regulation
Article 12 – paragraph 4
Article 12 – paragraph 4
Amendment 283 #
Proposal for a regulation
Article 12 – paragraph 5
Article 12 – paragraph 5
Amendment 290 #
Proposal for a regulation
Article 13 – paragraph 3 – point d
Article 13 – paragraph 3 – point d
Amendment 293 #
Proposal for a regulation
Article 13 – paragraph 3 – point f
Article 13 – paragraph 3 – point f
(f) appoint, dismiss, extend the term of office of, provide guidance to and monitor the performance of the Executive Director, and appoint the Accounting Officer;
Amendment 295 #
Proposal for a regulation
Article 13 – paragraph 3 – point l
Article 13 – paragraph 3 – point l
(l) promote the Competence Centre globally, so as to raise its attractiveness and make it an internationally renowned world-class body for excellence in cybersecurity;
Amendment 296 #
(qa) adopt transparency rules for the Competence Centre;
Amendment 297 #
Proposal for a regulation
Article 13 – paragraph 3 – point r
Article 13 – paragraph 3 – point r
(r) adopt an anti-fraud and anti- corruption strategy that is proportionate to the fraud and corruption risks having regard to a cost-benefit analysis of the measures to be implemented, as well as adopt adequate protection measures for whistleblowers;
Amendment 301 #
Proposal for a regulation
Article 13 – paragraph 3 a (new)
Article 13 – paragraph 3 a (new)
3a. In deciding on the work plan and multi-annual strategic plan of the Competence Centre, the Governing Board shall take account of the advice provided by ENISA.
Amendment 302 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. The Governing Board shall electhave a Chairperson and a Deputy Chairperson from among the members with voting rights, for a period of two years. The mandate of, which shall be respectively the Chairperson and the Deputy Chairperson may be extended once, following a decision by the Governing Board. If, however, their membership of the Governing Board ends at any time during their term of office, their term of office shall automatically expire on that date. The Deputy Chairpersonof the Management Board of ENISA. Their mandate shall bex officio replace the Chairperson if the latter is unable to attend to hi the same duration as for her duties. The Chairperson shall take part in the votingthe Management Board of ENISA.
Amendment 303 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. The Governing Board shall elect a Chairperson and a Deputy Chairperson from among the members with voting rights, for a period of two years, taking into account gender balance. The mandate of the Chairperson and the Deputy Chairperson may be extended once, following a decision by the Governing Board. If, however, their membership of the Governing Board ends at any time during their term of office, their term of office shall automatically expire on that date. The Deputy Chairperson shall ex officio replace the Chairperson if the latter is unable to attend to his or her duties. The Chairperson shall take part in the voting.
Amendment 304 #
Proposal for a regulation
Article 14 – paragraph 2
Article 14 – paragraph 2
2. The Governing Board shall hold its ordinary meetings at least three times a year. These meetings will be extraordinary to the meetings foreseen for the Management Board of ENISA as defined under regulation [Regulation of the EU Cybersecurity Act]. It may hold extraordinary meetings at the request of the Commission, at the request of one third of all its members, at the request of the chair, or at the request of the Executive Director in the fulfilment of his/her tasks.
Amendment 305 #
Proposal for a regulation
Article 14 – paragraph 6
Article 14 – paragraph 6
6. The Competence CentreENISA shall provide the secretariat for the Governing Board.
Amendment 306 #
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
Amendment 310 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
Amendment 313 #
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
3. The Governing Board shall take its decisions by a majority of at least 75% of all votes, including the votes of the members who are absent, representing at least 75% of the total financial contributions to the Competence Centre. The financial contribution will be calculated based on the estimated expenditures proposed by the Member States referred to in point c of Article 17(2) and based on the report on the value of the contributions of the participating Member States referred to in Article 22(5).
Amendment 316 #
Proposal for a regulation
Article 16
Article 16
Appointment, dismissal or extension of the term of office of the Executive 1. The Executive Director shall be a person with expertise and high reputation in the areas where the Competence Centre operates. 2. The Executive Director shall be engaged as a temporary agent of the Competence Centre under Article 2(a) of the Conditions of Employment of Other Servants. 3. The Executive Director shall be appointed by the Governing Board from a list of candidates proposed by the Commission, following an open and transparent selection procedure. 4. For the purpose of concluding the contract of the Executive Director, the Competence Centre shall be represented by the Chairperson of the Governing Board. 5. The term of office of the Executive Director shall be four years. By the end of that period, the Commission shall carry out an assessment which takes into account the evaluation of the performance of the Executive Director and the Competence Centre’s future tasks and challenges. 6. The Governing Board may, acting on a proposal from the Commission which takes into account the assessment referred to in paragraph 5, extend once the term of office of the Executive Director for no more than four years. 7. An Executive Director whose term of office has been extended may not participate in another selection procedure for the same post. 8. The Executive Director shall be removed from office only by decision of the Governing Board, acting on a proposal from the Commission.rticle 16 deleted Director
Amendment 318 #
Proposal for a regulation
Article 16 – paragraph 3
Article 16 – paragraph 3
3. The Executive Director shall be appointed by the Governing Board from a list of candidates proposed by the Commission, following an open, non- discriminatory and transparent selection procedure.
Amendment 324 #
Proposal for a regulation
Article 17 – paragraph 2 – point s
Article 17 – paragraph 2 – point s
(s) prepare an action plan following-up conclusions of internal or external audit reports, as well as investigations by the European Anti-Fraud Office (OLAF) and reporting on progress twice a year to the Commission, the European Parliament and regularly to the Governing Board;
Amendment 326 #
Proposal for a regulation
Article 18 – paragraph 1
Article 18 – paragraph 1
1. The Industrial and Scientific Advisory Board shall consist of no more than 1625 members. The members shall be appointed by the Governing Board according to an open, transparent and non-discriminatory procedure from among the representatives of the entities of the Cybersecurity Competence Community. In the determination of its members, existing European cybersecurity organisations shall be particularly taken into consideration. The Governing Board shall further ensure the representation from supply- and demand- side industry, SMEs, the public sector and research organisations.
Amendment 345 #
Proposal for a regulation
Article 20 – paragraph 1 – introductory part
Article 20 – paragraph 1 – introductory part
The Industrial and Scientific Advisory Board shall regularly advise the Competence Centre in respect of the performance of its activities and shall:
Amendment 356 #
Proposal for a regulation
Article 22 – paragraph 1
Article 22 – paragraph 1
Amendment 363 #
Proposal for a regulation
Article 31 – paragraph 7
Article 31 – paragraph 7
7. The staff of the Competence Centre shall be gender balanced and consist of temporary staff and contract staff.