7 Amendments of Olivier CHASTEL related to 2022/0085(COD)
Amendment 15 #
Proposal for a regulation
Recital 8
Recital 8
(8) In order to avoid imposing a disproportionate financial and administrative burden on Union institutions, bodies and agencies, the cybersecurity risk management requirements should be proportionate to the risk presented by the network and information system concerned, taking into account the state of the art of such measures. Each Union institution, body and agency should aim to allocate an adequate percentage of its IT budget to improve its level of cybersecurity; in the longer term a target in the order of 10% should be pursued. In accordance with the EDPS recommendation, the minimum security requirements laid down by this Regulation should be equal to or higher than this minimum security requirements of the entities of NIS and NIS 2.0 proposals.
Amendment 16 #
Proposal for a regulation
Recital 8 a (new)
Recital 8 a (new)
(8 a) In the current geopolitical context, it is essential that the confidentiality of data be 24 hours a day, 7 days a week protected against cyber threat by specialised and operational teams.
Amendment 17 #
Proposal for a regulation
Recital 8 a (new)
Recital 8 a (new)
(8 a) In order to be able to guarantee an effective cybersecurity framework, CERT- EU requires stable, highly qualified and specialised staff. Those staff should have access to continuous training programs.
Amendment 19 #
Proposal for a regulation
Recital 10 a (new)
Recital 10 a (new)
(10 a) In its report of 15 February 2022 "Preliminary Remarks on Modern Spyware", the EDPS invited Members States to renounce the use and development on European soil of software such as Pegasus which might affect the right to privacy, the democracy and the rule of law, and could therefore be incompatible with the democratic values and the legal order of the Union;
Amendment 20 #
Proposal for a regulation
Recital 11
Recital 11
(11) In May 2011, the Secretaries- General of the Union institutions and bodies decided to establish a pre- configuration team for a computer emergency response team for the Union’s institutions, bodies and agencies (CERT- EU) supervised by an inter-institutional Steering Board. In July 2012, the Secretaries-General confirmed the practical arrangements and agreed to maintain CERT-EU as a permanent entity to continue to help improve the overall level of information technology security of the Union’s institutions, bodies and agencies as an example of visible inter-institutional cooperation in cybersecurity. In September 2012, CERT-EU was established as a permanent Taskforce of the European Commission with an interinstitutional mandate. In December 2017, the Union institutions and bodies concluded an interinstitutional arrangement on the organisation and operation of CERT-EU3 . This arrangement should continue to evolve to support the implementation of this Regulation. _________________ 3 OJ C 12, 13.1.2018, p. 1–11.
Amendment 23 #
Proposal for a regulation
Recital 25 a (new)
Recital 25 a (new)
(25 a) On 9 March 2022, the EU Ministers of Telecommunications signed a declaration calling on the Commission to create an Emergency Response fund for cybersecurity to prepare the Union to face up to a large-scale cyber-threat. They ask the Cyber authorities concerned to make recommendations aimed at strengthening the empowerment and the resilience of Europe's digital infrastructures and connexions.
Amendment 30 #
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
3. CERT-EU tasks and activities, including services provided by CERT-EU pursuant to Article 12(2), (3), (4), (6), and Article 13(1) to Union institutions, bodies and agencies financed from the heading of the multiannual financial framework dedicated to European public administration, shall be funded through a distinct budget line of the Commission budget. CERT-EU earmarked posts shall be detailed in a footnote to the Commission establishment plan. This establishment plan shall be subject to a midterm review, every 2,5 years.