2018/0328(COD) | [ParlTrack]

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point a

(a) having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services , acquiring, upgrading, operating and making available such infrastructures and related services in a fair, open and transparent way to a wide range of users across the Union from industry including SMEs, the public sector and the research and scientific community;

Amendment 101 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point a a (new)

(a a) facilitating access to facilities and related services other than its own to a wide range of users and stakeholders, where these are made available;

Amendment 102 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point b

(b) ~~having regard to the state-of-the- art cybersecurity industrial and research infrastructures and related services,~~ providing support to other entities, including financially, to acquiring, upgrading, operating and making available such ~~infrastructur~~facilities and related services to a wide range of users a~~cross the Union from industry including SMEs, the public sector and the research and scientific community~~nd stakeholders;

Amendment 103 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point b

(b) having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services, providing support to other entities, including financially, to acquiring, upgrading, operating and making available such infrastructures and related services to a wide range of users across the Union from industry ~~including~~, especially SMEs, the public sector and the research and scientific community;

Amendment 104 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point b a (new)

(b a) providing financial support and technical assistance to cybersecurity start- ups, SMEs, micro-enterprises, individual experts; to Free and Open Source Software projects, commonly used for infrastructure, products and processes; and to civic tech projects;

Amendment 105 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point b b (new)

(b b) providing software security code audits and improvements for Free and Open Source Software projects, commonly used for infrastructure, products and processes;

Amendment 106 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c

(c) ~~provid~~facilitating the sharing of cybersecurity knowledge and technical assistance toamong others to civil society, the industry ~~and~~, public authorities, and the academic and research community, in particular by supporting actions aimed at facilitating access to the expertise available in the Network and the Cybersecurity Competence Community;

Amendment 107 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c

(c) providing cybersecurity knowledge and technical assistance to industry, in particular SMEs, the manufacturing and traditional sectors, and public authorities, in particular by supporting actions aimed at facilitating access to the expertise available in the Network and the Cybersecurity Competence Community;

Amendment 108 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c a (new)

(c a) promoting “security by design” as principle in the process of developing, maintaining, operating, and updating infrastructures, products and services; in particular by supporting state-of-the-art secure development methods, adequate security testing, security audits; including the commitment of producer or provider to make available updates remedying new vulnerabilities or threats, without delay, and beyond the estimated product lifetime, or enabling a third party to create and provide such updates;

Amendment 109 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c b (new)

(c b) promoting the development of source code contribution policies, in particular where Free and Open Source Software projects are used, modified, and enhanced in public authorities; and especially where the Free and Open Source Software is commonly used for infrastructure, products and processes;

Amendment 110 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – introductory part

4. contribute to the wide deployment of state-of-the-art cyber security products and solutions across the economy, by carrying out the following tasks, in accordance with the principles of equal treatment and no discrimination of Directive 2014/24/EU:

Amendment 111 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – introductory part

4. contribute to the wide deployment of state-of-the-art internationally recognized cyber security products and solutions across the economy, by carrying out the following tasks:

Amendment 112 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – introductory part

4. contribute to the wide deployment of state-of-the-art and sustainable cyber security products and solutions across the ~~economy~~Union, by carrying out the following tasks:

Amendment 113 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – introductory part

4. contribute dynamically to the wide deployment of state-of-the-art cyber security products and solutions across the economy, by carrying out the following tasks:

Amendment 114 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point a

(a) stimulating cybersecurity research, development and the uptake of Union cybersecurity products and solutions, including by public authorities and ~~user~~ industr~~ies~~y;

Amendment 115 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point a a (new)

(a a) supporting cybersecurity research in the field of cyberespionage and IP theft, including through the development of new technologies aimed at blocking transactions involving the purchase of counterfeit goods.

Amendment 116 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point b

(b) assisting public authorities, demand side industries and other users in adopting and integrating ~~the lates~~commonly used, state-of- the-art cyber security products and solutions;

Amendment 117 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point c

(c) supporting in particular public authorities in organising their public procurement, or carrying out procurement of state-of-the-art cybersecurity products and solutions on behalf of public authorities, including by providing support for sustainable procurement;

Amendment 118 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point c

(c) sSupporting in particular public authorities in organising their public procurement, with a focus on socially inclusive sustainable procurement, or carrying out procurement of state-of-the-art cybersecurity products and solutions on behalf of public authorities;

Amendment 119 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point d

(d) providing financial support and technical assistance to cybersecurity start- ups ~~and SMEs~~, SMEs, micro-enterprises, individual experts, commonly used Free and Open Source Software projects, and civic tech projects, to connect to potential markets, deployment opportunities, and to attract investment;

Amendment 120 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point d a (new)

(d a) Stimulating the uptake of cybersecurity certification in line with Regulation of the European Parliament and of the Council on ENISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (''Cybersecurity Act'') COM/2017/0477 final - 2017/0225 (COD).

Amendment 121 #

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – introductory part

5. improve the understanding of cybersecurity ~~and~~, contribute to reducing skills gaps and strengthening the level of skills in the Union related to cybersecurity by carrying out the following tasks:

Amendment 122 #

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – introductory part

5. improve the understanding of cybersecurity, also of private individuals, and contribute to reducing skills gaps in the Union related to cybersecurity by carrying out the following tasks:

Amendment 123 #

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point -a (new)

(-a) raising awareness for the infrastructure-relevance of some commonly used Free and Open Source Software projects, products and processes in coordination with relevant Union agencies and bodies including ENISA, as well as the Network and the Community;

Amendment 124 #

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a

(a) supporting further development of cybersecurity ~~skills , where appropriate together~~processes, skills, and competences; facilitating a common high level of cybersecurity knowledge; and contributing to the resilience of users and infrastructures in the Union in coordination with relevant EU agencies and bodies including ENISA, as well as the Network.

Amendment 125 #

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a

(a) supporting further development of cybersecurity skills , where appropriate ~~together~~aligning with relevant EU agencies and bodies including ENISA.

Amendment 126 #

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a a (new)

(a a) Ensuring the Competence Centre links to existing work on standardisation, including research into the effects on cybersecurity of existing international standards and any associated certification and/or promotion schemes.

Amendment 127 #

Proposal for a regulation
Article 4 – paragraph 1 – point 5 a (new)

5 a. Supporting alignment and high quality in cybersecurity education and professional training.

Amendment 128 #

Proposal for a regulation
Article 4 – paragraph 1 – point 6 – point a

(a) providing financial support to cybersecurity research efforts based on a common, continuously evaluated and improved multiannual strategic, industrial, technology and research ~~agenda~~plan;

Amendment 129 #

Proposal for a regulation
Article 4 – paragraph 1 – point 6 – point b

(b) supporting large-scale research and demonstration projects in next generation cybersecurity technological capabilities, in collaboration with the industry ~~and~~, the Network, and the Community;

Amendment 130 #

Proposal for a regulation
Article 4 – paragraph 1 – point 6 – point c

(c) supporting research and innovation for formal and non-formal standardisation in cybersecurity ~~technology~~, where appropriate in close cooperation with the European Standardisation Organisations;

Amendment 131 #

Proposal for a regulation
Article 4 – paragraph 1 – point 6 – point c

(c) support research and innovation for standardisation in cybersecurity technology, where appropriate aligning with relevant EU agencies and bodies including ENISA;

Amendment 132 #

Proposal for a regulation
Article 4 – paragraph 1 – point 6 – point c – point i (new)

(i) develop the tools and technologies needed to address constantly evolving threats;

Amendment 133 #

Proposal for a regulation
Article 4 – paragraph 1 – point 6 – point c a (new)

(c a) supporting the development of independent products and processes that can be freely studied, shared, and built upon, in close cooperation with the industry, the Network and the Community.

Amendment 134 #

Proposal for a regulation
Article 4 – paragraph 1 – point 7

7. enhance cooperation between the civil and defence spheres with regard to dual use technologies and applications in cybersecurity, by carrying out the following tasks: (a) supporting Member States and industrial and research stakeholders with regard to research, development and deployment; (b) contributing to cooperation between Member States by supporting education, training and exercises ; (c) bringing together stakeholders, to foster synergies between civil and defence cyber security research and markets;deleted

Amendment 135 #

Proposal for a regulation
Article 4 – paragraph 1 – point 7 – point b

(b) contributing to cooperation between Member States by supporting education, training ~~and~~ ,exercises and applied research;

Amendment 136 #

Proposal for a regulation
Article 4 – paragraph 1 – point 7 – point c

(c) bringing together stakeholders, to foster synergies between civil and defence cyber security research and markets, where appropriate aligning activities with relevant EU agencies and bodies including ENISA;

Amendment 137 #

Proposal for a regulation
Article 4 – paragraph 1 – point 8

8. enhance synergies between the civil and defence dimensions of cybersecurity in relation to the European Defence Fund by carrying out the following tasks: (a) providing advice, sharing expertise and facilitating collaboration among relevant stakeholders; (b) managing multinational cyber defence projects, when requested by Member States, and thus acting as a project manager within the meaning of Regulation XXX [Regulation establishing the European Defence Fund].deleted

Amendment 138 #

Proposal for a regulation
Article 4 – paragraph 1 – point 8 – introductory part

8. enhance synergies between the civil and defence dimensions of cybersecurity, while generally maintaining its constitutionally or legally required division, in relation to the European Defence Fund by carrying out the following tasks:

Amendment 139 #

Proposal for a regulation
Article 4 – paragraph 1 – point 8 – point a

(a) ~~pro~~advidsing ~~advice~~, sharing expertise and facilitating collaboration among relevant stakeholders from the Member States;

Amendment 140 #

Proposal for a regulation
Article 4 – paragraph 1 – point 8 – point b

(b) managing multinational and cross boarder cyber defence projects, when requested by Member States, and thus acting as a project manager within the meaning of Regulation XXX [Regulation establishing the European Defence Fund].

Amendment 141 #

Proposal for a regulation
Article 4 – paragraph 1 – point 8 a (new)

8 a. contribute to the Union’s efforts to enhance cooperation with regard to cybersecurity by: (a) facilitating the participation of the Network and the Community in international conferences; (b) facilitating the contribution of the Network and the Community to standardisation organisations; (c) cooperating with third countries and international organisations within relevant international cooperation frameworks; (d) facilitating the participation of the Governing Board in international governmental organisations; (e) assisting and providing advice to the Commission with regard to the implementation of Regulation (EU) 2019/XXX [recast of Regulation (EC) No 428/2009 as proposed by COM(2016)616]27a; _________________ 27a Regulation (EU) 2019/XXX of the European Parliament and the Council of ... setting up a Community regime for the control of exports, transfer, brokering and transit of dual-use items, and EU restrictive measures in force, in particular as regards the export of cybersurveillance and intrusion technology (OJ L ..., ..., p. ...).

Amendment 142 #

Proposal for a regulation
Article 4 – paragraph 1 – point 8 b (new)

8 b. contributing to the fundamental rights and ethics assessment of cybersecurity research funded by the Competence Centre.

Amendment 143 #

Proposal for a regulation
Article 5 – paragraph 1 – point a a (new)

(a a) ensure that as a result of Union contribution, access is open by default and re-use is possible;

Amendment 144 #

Proposal for a regulation
Article 5 – paragraph 1 – point b

(b) additional rules governing access to and use of an infrastructure or capability.

Amendment 145 #

Proposal for a regulation
Article 5 – paragraph 2

2. The Competence Centre may be responsible for the overall execution of relevant joint procurement actions including pre-commercial procurements on behalf of members of the Network~~, members of the cybersecurity Competence Community, or other third parties representing the users of cybersecurity products and solutions~~. For this purpose, the Competence Centre may be assisted by one or more National Coordination Centres or members of the Cybersecurity Competence Community.

Amendment 146 #

Proposal for a regulation
Article 6 – paragraph 1

1. By ~~[date]~~01.06.2020, each Member State shall nominate the entity to act as the National Coordination Centre for the purposes of this Regulation and notify it to the Commission.

Amendment 147 #

Proposal for a regulation
Article 6 – paragraph 4

4. The nominated National Coordination Centre shall have the capability to support the Competence Centre and the Network in fulfilling their mission laid out in Article 3 of this Regulation. They shall possess or have direct access to technological expertise in cybersecurity and be in a position to effectively engage and coordinate with industry, the public sector and the academic and research community. The Commission shall issue guidelines further detailing the assessment procedure and explaining the application of the criteria.

Amendment 148 #

Proposal for a regulation
Article 6 – paragraph 5

5. The relationship between the Competence Centre and the National Coordination Centres shall be based on a contractual agreement signed between the Competence Centre and each of the National Coordination Centres. The agreement shall ~~provide for~~consist of the same set of general conditions providing the rules governing the relationship and division of tasks between the Competence Centre and each National Coordination Centre and special conditions tailored on the particular National Coordination Centre.

Amendment 149 #

Proposal for a regulation
Article 7 – paragraph 1 – point a

(a) supporting the Competence Centre in achieving its objectives and in particular in establishing and coordinating the Cybersecurity Competence Community;

Amendment 150 #

Proposal for a regulation
Article 7 – paragraph 1 – point b

(b) promoting, encouraging and facilitating the participation of ~~industry~~civil society, industry, in particular start-ups and SMEs, academic and research community, and other actors at the Member State level in cross-border projects;

Amendment 151 #

Proposal for a regulation
Article 7 – paragraph 1 – point b

(b) ~~facilita~~promoting the participation of industry, civil society including consumer organisations, academics and researchers, and other actors at the Member- State level in cross-border projects;

Amendment 152 #

Proposal for a regulation
Article 7 – paragraph 1 – point b

(b) ~~facilitat~~ensuring the participation of industry, in particular SMEs and other actors at the Member State level in cross- border projects;

Amendment 153 #

Proposal for a regulation
Article 7 – paragraph 1 – point c

(c) contributing, together with the Competence Centre, to identifying and addressing sector-specific cyber security industrial challenges, including state- sponsored cyberespionage;

Amendment 154 #

Proposal for a regulation
Article 7 – paragraph 1 – point c

(c) contributing, together with the Competence Centre, to identifying and addressing sector-specific cyber security ~~industrial~~ challenges;

Amendment 155 #

Proposal for a regulation
Article 7 – paragraph 1 – point c a (new)

(c a) cooperating closely with National Standardisation Organisations to ensure the uptake of existing standards and to involve all relevant stakeholders, particularly SMEs, in setting new standards;

Amendment 156 #

Proposal for a regulation
Article 7 – paragraph 1 – point e

(e) seeking to establish synergies with relevant activities at the national and regional level in order to achieve the goal of Union security;

Amendment 157 #

Proposal for a regulation
Article 7 – paragraph 1 – point e

(e) seeking to establish synergies with relevant activities at the national ~~and~~, regional and local level;

Amendment 158 #

Proposal for a regulation
Article 7 – paragraph 1 – point f a (new)

(f a) promoting and disseminating a common minimal cybersecurity educational curricula in cooperation with the relevant bodies in the Member States;

Amendment 159 #

Proposal for a regulation
Article 7 – paragraph 1 – point g

(g) promoting and disseminating the relevant outcomes of the work by the Network, the Cybersecurity Competence Community and the Competence Centre at national or, regional, or local level;

Amendment 160 #

Proposal for a regulation
Article 7 – paragraph 1 – point g

(g) promoting and disseminating the relevant outcomes of the work by the Network, the Cybersecurity Competence Community and the Competence Centre at national orand regional level;

Amendment 161 #

Proposal for a regulation
Article 7 – paragraph 1 – point h

(h) assessing requests by entities and individuals established in the same Member State as the Coordination Centre for becoming part of the Cybersecurity Competence Community.

Amendment 162 #

Proposal for a regulation
Article 7 – paragraph 1 – point h – point i (new)

i) promoting awareness campaigns, notably for SMEs and together with the Competence Centre provide the necessary cybersecurity skills and solutions;

Amendment 163 #

Proposal for a regulation
Article 8 – paragraph 1

1. The Cybersecurity Competence Community ~~shall~~ contributes to the mission of the Competence Centre as laid down in Article 3 and enhances and disseminates cybersecurity expertise across the Union and provides technical expertise.

Amendment 164 #

Arndt KOHN, Nicola DANTI

Proposal for a regulation
Article 8 – paragraph 2

2. The Cybersecurity Competence Community shall consist of industry, including SMEs and associations of SMEs, the European Standardisation Organisations, associations of users, academic and non-profit research organisations, and associations operating at national or at European level, as well as public entities and other entities dealing with operational and technical matters. It shall bring together the main stakeholders with regard to cybersecurity technological and industrial capacities in the Union. It shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise..

Amendment 165 #

Proposal for a regulation
Article 8 – paragraph 2

2. The Cybersecurity Competence Community shall consist of civil society, industry, academic and ~~non-profit research organisations, and associ~~research community, associations, individual experts, relevant European Standardisation Organisations, as well as public entities and other entities dealing with operational and technical matters in the area of cybersecurity. It shall bring together the main stakeholders with regard to cybersecurity technological ~~and industrial capac~~, industrial, academic and research, and societal capacities and capabilities in the Union~~. It~~ and shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise..

Amendment 166 #

Proposal for a regulation
Article 8 – paragraph 2

2. The Cybersecurity Competence Community shall consist of industry, SMEs, academic and non-profit research organisations, and associations as well as public entities and other entities dealing with operational and technical matters. It shall bring together the maindustrial stakeholders and other relevant actors with regard to cybersecurity technological and industrial capacities in the Union. It shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise..

Amendment 167 #

Proposal for a regulation
Article 8 – paragraph 2

2. The Cybersecurity Competence Community shall consist of industry, academic and non-profit research organisations, and associations as well as public entities and other entities dealing with operational and technical matters. It shall bring together the main stakeholders with regard to cybersecurity, technological ~~and~~, industrial, societal, academic and research capacbilities in the Union. It shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise..

Amendment 168 #

Proposal for a regulation
Article 8 – paragraph 3 – introductory part

3. Only entities which are established, and individuals resident within the Union may be accredited as members of the Cybersecurity Competence Community. They Governing Board shall specify criteria for cybersecurity expertise and applicants shall demonstrate that they ~~have cybersecurity~~can provide such expertise with regard to at least one of the following domains:

Amendment 169 #

Proposal for a regulation
Article 8 – paragraph 3 – point a

(a) academia or research;

Amendment 170 #

Proposal for a regulation
Article 8 – paragraph 3 – point a a (new)

(a a) ethics;

Amendment 171 #

Proposal for a regulation
Article 8 – paragraph 3 – point b a (new)

(b a) professional services or the deployment thereof;

Amendment 172 #

Proposal for a regulation
Article 8 – paragraph 3 – point b b (new)

(b b) formal and technical standardisation and specifications;

Amendment 173 #

Proposal for a regulation
Article 8 – paragraph 4

4. The Competence Centre shall accredit entities established under national law, or individuals, as members of the Cybersecurity Competence Community after an assessment made by the National Coordination Centre of the Member State where the entity is established, or the individual is a resident, on whether that entity or individual meets the criteria provided for in paragraph 3. An accreditation shall not be limited in time but may be revoked by the Competence Centre at any time if it or the relevant National Coordination Centre considers that the entity does not fulfil the criteria set out in paragraph 3 or it falls under the relevant provisions set out in Article 136 of Regulation XXX [new financial regulation]. The National Coordination Centres of the Member States shall aim to achieve a balanced representation of stakeholders in the Community, actively stimulating participation from under- represented categories and groups of individuals.

Amendment 174 #

Proposal for a regulation
Article 8 – paragraph 4 a (new)

4 a. The Commission may, by means of a delegated act in accordance with Article -45, further specify the criteria provided for in paragraph 3 and the procedures for assessing and accrediting entities that meet those criteria.

Amendment 175 #

Proposal for a regulation
Article 9 – paragraph 1 – point 5 a (new)

(5 a) encourage Community members that are manufacturers and service providers to certify their products and services under certification schemes adopted under the Cybersecurity Act.

Amendment 176 #

Proposal for a regulation
Article 10 – paragraph 1

1. The Competence Centre shall cooperate with relevant Union institutions, bodies, offices and agencies including the European Union Agency for Network and Information Security (ENISA), the Computer Emergency Response Team (CERT-EU), ~~the European External Action Service,~~ the Joint Research Centre of the Commission, the Research Executive Agency, the Innovation and Networks Executive Agency, as well as the European Cybercrime Centre at Europol ~~as well as the European Defence Agency~~.

Amendment 177 #

Proposal for a regulation
Article 10 – paragraph 2

2. Such cooperation shall take place within the framework of working arrangements. Those arrangements shall be ~~submitted to the~~adopted by the Governing Board after prior approval of the Commission.

Amendment 178 #

Proposal for a regulation
Article 12 – paragraph 1

1. The Governing Board shall be composed of one representative of each Member State, ~~and fiv~~three representatives of the Commission, on behalf of the Union and two representatives of professional associations from the private sector that have cybersecurity competences.

Amendment 179 #

Proposal for a regulation
Article 12 – paragraph 1

1. The Governing Board shall be composed of one representative of each Member State, five representatives from the European Parliament, and five representatives of the Commission, on behalf of the Union.

Amendment 180 #

Proposal for a regulation
Article 12 – paragraph 3

3. Members of the Governing Board and their alternates shall be appointed in light of their knowledge in the field of ~~technology~~cybersecurity, including knowledge related to technological aspects and its greater impact on society, as well as of relevant managerial, administrative and budgetary skills. The Commission and the Member States shall make efforts to limit the turnover of their representatives in the Governing Board, in order to ensure continuity of the Board’s work. The Commission and the Member States shall aim to achieve a balanced representation between men and women on the Governing Board.

Amendment 181 #

Proposal for a regulation
Article 12 – paragraph 3

3. Members of the Governing Board and their alternates shall be appointed in light of their knowledge in the field of ~~technolog~~cybersecurity as well as of relevant managerial, administrative and budgetary skills. The Commission and the Member States shall make efforts to limit the turnover of their representatives in the Governing Board, in order to ensure continuity of the Board’s work. The Commission and the Member States shall ~~aim to~~ achieve a balanced representation between men and women on the Governing Board.

Amendment 182 #

Proposal for a regulation
Article 12 – paragraph 6

6. The ~~Commission~~Governance Board may invite observers, including representatives of relevant Union bodies, offices and agencies and members of the Competence Community, to take part in the meetings of the Governing Board as appropriate to ensure expertise is brought in and to build stronger links with industry and research communities.

Amendment 183 #

Proposal for a regulation
Article 12 – paragraph 6

6. The ~~Commission~~Governing Board may invite observers, including representatives of relevant Union bodies, offices and agencies, to take part in the meetings of the Governing Board as appropriate.

Amendment 184 #

Proposal for a regulation
Article 12 – paragraph 7

7. The European Agency for Network and Information Security (ENISA) shall ~~be a~~ permanent ~~observer in the Governing Board~~ly take part in the deliberations of the Governing Board, in an advisory role without voting rights.

Amendment 185 #

Proposal for a regulation
Article 13 – paragraph 3 – point e a (new)

(e a) adopt the working arrangements referred to in Article 10(2);

Amendment 186 #

Proposal for a regulation
Article 13 – paragraph 3 – point l

(l) promote the cooperation of the Competence Centre with global~~ly, so as to raise its attractiveness and make it a world-class body for excellence in cybersecurity~~ actors;

Amendment 187 #

Proposal for a regulation
Article 16 – paragraph 1

1. The Executive Director shall be a person with vast expertise, in- depth knowledge and high good reputation in the areas where the Competence Centre operates.

Amendment 188 #

Proposal for a regulation
Article 16 – paragraph 3

3. The Executive Director shall be appointed by the Governing Board from a list of candidates proposed by the Commission, following an open and transparent selection procedure, while respecting the gender equality principle.

Amendment 189 #

Proposal for a regulation
Article 16 – paragraph 3

3. The Executive Director shall be appointed by the Governing Board from a list of candidates proposed by the Commission, following an open ~~and~~, transparent and non-discriminatory selection procedure.

Amendment 190 #

Proposal for a regulation
Article 16 – paragraph 3 a (new)

3 a. Before appointment, the candidate selected by the Governing Board shall make a statement before the relevant committee of the European Parliament and answer Members’ questions when invited to do so.

Amendment 191 #

Proposal for a regulation
Article 16 – paragraph 5

5. The term of office of the Executive Director shall be f~~our~~ive years. By the end of that period, the ~~Commission~~Governing Board shall carry out an assessment which takes into account the evaluation of the performance of the Executive Director and the Competence Centre’s future tasks and challenges.

Amendment 192 #

Proposal for a regulation
Article 16 – paragraph 6

6. The Governing Board may, ~~acting on a proposal from the Commission which takes~~taking into account the assessment referred to in paragraph 5, extend once the term of office of the Executive Director for no more than f~~our~~ive years.

Amendment 193 #

Proposal for a regulation
Article 16 – paragraph 8

8. The Executive Director shall be removed from office only by decision of the Governing Board, acting on its own initiative or on a proposal from the Commission.

Amendment 194 #

Proposal for a regulation
Article 17 – paragraph 2 – point h

(h) prepare an action plan following-up on the conclusions of the retrospective evaluations and reporting on progress every two years to the Commission and the European Parliament;

Amendment 195 #

Proposal for a regulation
Article 17 – paragraph 2 – point h

(h) prepare an action plan following-up on the conclusions of the retrospective evaluations and reporting on progress every two years to the Commission and the European Parliament

Amendment 196 #

Proposal for a regulation
Article 17 – paragraph 2 – point s

(s) prepare an action plan following-up conclusions of internal or external audit reports, as well as investigations by the European Anti-Fraud Office (OLAF) and reporting on progress twice a year to the Commission and the European Parliament and regularly to the Governing Board;

Amendment 197 #

Proposal for a regulation
Article 17 – paragraph 2 – point s

(s) prepare an action plan following-up conclusions of internal or external audit reports, as well as investigations by the European Anti-Fraud Office (OLAF) and reporting on progress twice a year to the Commission, the European Parliament and regularly to the Governing Board;

Amendment 198 #

Proposal for a regulation
Article 17 – paragraph 2 – point v

(v) ensure effective communication with the Union's institutions and report to the European Parliament and to the Council annually or on invitation;

Amendment 199 #

Proposal for a regulation
Article 18 – paragraph 1

1. The Industrial and Scientific Advisory Board shall consist of no more than 16 members~~. The members shall be appointed by the Governing Board from among the representatives of the entities~~ chosen among entities belonging to the Cybersecurity Competence Community, whereof no more than 10 members shall be appointed from among the representatives of the industry, of which no more than 4 SMEs, and no more than 6 members shall be appointed from Universities and RTO. The appointment of the Cymembers~~ecurity Competence Commun~~ shall also take into account their commitment to the contractual Public-Private Partnership (cPPP) on cybersecurity.

Amendment 200 #

Proposal for a regulation
Article 18 – paragraph 1

1. The Industrial and Scientific Advisory Board shall consist of no more than 16 members. The members shall be appointed by the Governing Board from among the representatives of the entities of the Cybersecurity Competence Community according to an open, transparent and non-discriminatory procedure. The Board shall include at least three members each from industry, academic community and civil society including consumer organisations.

Amendment 201 #

Proposal for a regulation
Article 18 – paragraph 1

1. The Industrial and Scientific Advisory Board shall consist of no more than 16 members. The members shall be appointed by the Governing Board from among the representatives of the entities of the Cybersecurity Competence Community. The board shall include at least three members from civil society, including consumer organisations.

Amendment 202 #

Proposal for a regulation
Article 18 – paragraph 1

Amendment 203 #

Arndt KOHN, Lucy ANDERSON

Proposal for a regulation
Article 18 – paragraph 1

1. The Industrial and Scientific Advisory Board shall consist of no more than 1625 members. The members shall be appointed by the Governing Board from among the representatives of the entities of the Cybersecurity Competence Community.

Amendment 204 #

Proposal for a regulation
Article 18 – paragraph 4

4. The term of office of members of the Industrial and Scientific Advisory Board shall be ~~three~~four years. That term shall be renewable.

Amendment 205 #

Proposal for a regulation
Article 19 – paragraph 1

1. The Industrial and Scientific Advisory Board shall meet at least t~~wice~~hree times a year.

Amendment 206 #

Proposal for a regulation
Article 19 – paragraph 2

2. The Industrial and Scientific Advisory Board may advise the Governing Board on the establishment of working groups on specific issues relevant to the work of the Competence Centre where necessary under the overall coordination of one or more members of the Industrial and Scientific Advisory Board.deleted

Amendment 207 #

Proposal for a regulation
Article 19 – paragraph 2

2. The Industrial and Scientific Advisory Board ~~may~~shall advise the Governing Board on the establishment of working groups on specific issues relevant to the work of the Competence Centre, particularly in relation to the competences and tasks of the Industrial and Scientific Advisory Board, where necessary under the overall coordination of one or more members of the Industrial and Scientific Advisory Board.

Amendment 208 #

Nicola DANTI

Proposal for a regulation
Article 19 – paragraph 2

2. The Industrial and Scientific Advisory Board may advise the Governing Board on the establishment of working groups on specific issues relevant to the work of the Competence Centre, in particular when they fall within the tasks specified in Art. 20, where necessary under the overall coordination of one or more members of the Industrial and Scientific Advisory Board.

Amendment 209 #

Proposal for a regulation
Article 19 – paragraph 2 a (new)

2 a. The Industrial and Scientific Advisory Board shall have the right to nominate the participants of the working groups established under Art 19(2) from among the members of the Cybersecurity Competence Community.

Amendment 210 #

Proposal for a regulation
Article 19 – paragraph 4

4. The Industrial and Scientific Advisory Board shall adopt its rules of procedure, including the nature and the appropriate level of coordination with the cPPP, as well as the nomination of the representatives that shall represent the Advisory Board where relevant and the duration of their nomination.

Amendment 211 #

Nicola DANTI

Proposal for a regulation
Article 19 – paragraph 4 a (new)

4 a. The Industrial and Scientific Advisory Board shall foster a high level of cooperation with the contractual public- private partnership (cPPP) on cybersecurity.

Amendment 212 #

Proposal for a regulation
Article 20 – paragraph 1 – point 1 a (new)

(1 a) provide the Executive Director and the Governing Board with a draft medium-to long-term R&I agenda on technology and applications;

Amendment 213 #

Proposal for a regulation
Article 20 – paragraph 1 – point 1 a (new)

(1 a) advise the Governing Board on the establishment of working groups on specific issues relevant to the work of the Competence Centre;

Amendment 214 #

Proposal for a regulation
Article 20 – paragraph 1 – point 3 a (new)

(3 a) provide the Executive Director and the Governing Board with independent advice on deployment and procurement;

Amendment 215 #

Proposal for a regulation
Article 20 – paragraph 1 a (new)

1 a. In order to guarantee the alignment and the efficacy of the Industrial and Scientific Advisory Board, its chair shall have the right, except for matters which do not fall within the tasks of the Industrial and Scientific Board as outlined in Art. 20, to attend meetings of the Governing Board as an observer and to take part in its deliberations, but shall have no voting rights.

Amendment 216 #

Proposal for a regulation
Article 20 – paragraph 1 b (new)

1 b. Representatives of the Industrial and Scientific Advisory Board as per Art. 19(4) may also be invited to attend meetings with the same rights and limitations whenever issues falling within their tasks are discussed.

Amendment 217 #

Proposal for a regulation
Article 21 – paragraph 1 – point b a (new)

(b a) An amount from the European Defence Fund for actions and administrative costs related to defence.

Amendment 218 #

Proposal for a regulation
Article 21 – paragraph 4

~~4. The Union financial contribution shall not cover the tasks referred to in Article 4(8)(b)~~deleted

Amendment 219 #

Proposal for a regulation
Article 21 – paragraph 4

4. The ~~Union financial contribution~~European Defence Fund shall ~~not~~ cover the tasks referred to in Article 4(8)(b)

Amendment 220 #

Proposal for a regulation
Article 22 – paragraph 4

4. The Commission may terminate, proportionally reduce or suspend the Union’s financial contribution to the Competence Centre if the participating Member States do not contribute, contribute only partially or contribute late with regard to the contributions referred to in paragraph 1.deleted

Amendment 221 #

Proposal for a regulation
Article 22 – paragraph 4

4. The Commission may terminate, proportionally reduce or suspend the Union’s financial contribution to the Competence Centre if the participating Member States do not contribute, or contribute only partially ~~or contribute late~~ with regard to the contributions referred to in paragraph 1.

Amendment 222 #

Proposal for a regulation
Article 23 – paragraph 4 – point a

(a) the Union's and participating Member States' financial contributions to the administrative costs;

Amendment 223 #

Proposal for a regulation
Article 23 – paragraph 8 a (new)

8 a. The Competence Centre shall cooperate closely with other Union institutions, agencies, and bodies in order to reduce administrative costs.

Amendment 224 #

Proposal for a regulation
Article 23 – paragraph 8 a (new)

8 a. The Competence Centre shall cooperate closely with other Union institutions, agencies, in particular ENISA and other relevant bodies;

Amendment 225 #

Proposal for a regulation
Article 35 – paragraph 2

2. The Competence Centre shall ensure that the public and any interested parties are ~~given appropriat~~provided with comprehensive, objective, reliable and easily accessible information, in particular with regard to the results of ~~its~~the work of the Competence Centre, the Network, the Industry and Scientific Advisory Board and the Community. It shall also make public the declarations of interest made in accordance with Article 412.

Amendment 226 #

Proposal for a regulation
Article 35 – paragraph 2 a (new)

2 a. The Competence Centre shall provide the public and any interested parties with a list of the Cybersecurity Competence Community members and shall make public the declarations of interest made by them in accordance with Article 42.

Amendment 227 #

Proposal for a regulation
Article 38 a (new)

Article 38 a Legal Personality of the Competence Centre 1. The Competence Centre shall have legal personality. 2. In each Member State, the Competence Centre shall enjoy the most extensive legal capacity accorded to legal persons under the laws of that Member State. It may, in particular, acquire or dispose of movable and immovable property and may be a party to legal proceedings.

Amendment 228 #

Proposal for a regulation
Article 42 – paragraph 1

The Competence Centre Governing Board shall adopt rules for the prevention ~~and management of conflicts of interest in respect of its members, bodies and staff. Those rules shall contain the provisions intended to avoid a~~, identification, and resolution of conflicts of interest in respect of ~~the representatives of the members serving in~~its members, bodies and staff, the Governing Board, as well as the Scientific and Industrial Advisory Board ~~in accordance with Regulation XXX [new Financial Regulation]~~, and the Community.

Amendment 229 #

Proposal for a regulation
Article 42 – paragraph 1

The Competence Centre Governing Board shall adopt rules for the prevention and management of conflicts of interest in respect of its members, bodies and staff, including the Executive Director. Those rules shall contain the provisions intended to avoid a conflict of interest in respect of the representatives of the members serving in the Governing Board as well as the Scientific and Industrial Advisory Board in accordance with Regulation XXX [new Financial Regulation].

Amendment 230 #

Proposal for a regulation
Article 42 – paragraph 1 a (new)

Member States shall ensure the prevention, identification, and resolution of conflicts of interest in respect of the National Coordination Centres.

Amendment 231 #

Proposal for a regulation
Article 42 – paragraph 1 b (new)

The rules referred to in paragraph 1 shall comply with Regulation (EU, Euratom) 2018/1046.

Amendment 232 #

Proposal for a regulation
Article 44 – title

Seat and Support from the host Member State

Amendment 233 #

-1 The seat of the Competence Centre shall be located in [Brussels, Belgium].

Amendment 234 #

Proposal for a regulation
Article 44 – paragraph –1 a (new)

-1 a The host Member State shall provide the best possible conditions to ensure the proper functioning of the Competence Centre, including a single location, the accessibility of the location, the existence of adequate education facilities for the children of staff members, appropriate access to the labour market, social security and medical care for both children and partners.

Amendment 235 #

Proposal for a regulation
Article 44 – paragraph 1

An administrative agreement ~~may~~shall be concluded between the Competence Centre and the Member State [Belgium] in which its seat is located concerning privileges and immunities and other support to be provided by that Member State to the Competence Centre.

Amendment 38 #

Proposal for a regulation
Recital 1

(1) OMore than 80% of the population of the European Union is connected to the internet and our daily lives and economies are becomeing increasingly dependent on digital technologies, with citizens becomeing more and more exposed to serious cyber incidents. Future security depends, among others, on enhancing technological and industrial ability to protect the Union against cyber threats, as both civilian infrastructure and military capacities rely on secure digital systems.

Amendment 39 #

Proposal for a regulation
Recital 1

(1) Our daily lives and economies become increasingly dependent on digital technologies, citizens become more and more exposed to serious cyber incidents. Future security depends, among others, on enhancing technological and industrial ability to protect the Union against cyber threats, as both ~~civilian~~ infrastructure and ~~militar~~security capacities rely on secure digital systems.

Amendment 40 #

Proposal for a regulation
Recital 3 a (new)

(3 a) Article 41(2) of the Treaty on European Union states that the Union budget is not to be used for expenditure arising from operations having military or defence implications. Therefore the Cybersecurity Industrial, Technology, and Research Centre and its actions should be provided purely for civilian purposes.

Amendment 41 #

Proposal for a regulation
Recital 4

(4) The Heads of State and Government at the Tallinn Digital Summit, in September 2017, called for the Union to become "a global leader in cyber-security by 2025, in order to ensure trust, confidence and protection of our citizens, consumers and enterprises online and to enable a free, safer and law-governed internet."

Amendment 42 #

Proposal for a regulation
Recital 4 a (new)

(4 a) The Competence Centre and its actions should take into account the implementation of Regulation (EU) 2019/XXX [recast of Regulation (EC) No 428/2009 as proposed by COM(2016)616].22a _________________ 22a Regulation (EU) 2019/... of the European Parliament and of the Council of ... setting up a Union regime for the control of exports, transfer, brokering, technical assistance and transit of dual- use items (OJ L ..., ..., p. ...).

Amendment 43 #

Proposal for a regulation
Recital 5

(5) Substantial disruption of network and information systems can affect individual Member States and the Union as a whole. The security of network and information systems is therefore essential ~~for the smooth functioning of the internal market~~. At the moment, the Union depends on non- European cybersecurity providers. However, it is in the Union's strategic interest to ensure that it retains and develops essential cybersecurity technological capacities ~~to secure its Digital Single Market, and~~and capabilities in particular to protect critical networks and information systems and to provide key cybersecurity services.

Amendment 44 #

Proposal for a regulation
Recital 5 a (new)

(5 a) The resilience of ICT infrastructure like the Internet is critical to society, industry and research throughout the Union. That infrastructure relies heavily on components developed as Free and Open Source Software. Society, industry, businesses with diverse business models, as well as research and development build on them to create products and provide services.

Amendment 45 #

Proposal for a regulation
Recital 6 a (new)

(6 a) Cybersecurity experts often start their education in non-formal contexts, for example Free and Open Source Software projects and civic tech projects. Civic tech projects make use of open standards, Open Data, and Free and Open Source Software to develop products and services in the interest of society and the public good. They can be of non- commercial or pre-commercial nature and can as such be a precursor for start- ups, or academic and research projects.

Amendment 46 #

Proposal for a regulation
Recital 8

(8) The Competence Centre should be the Union's main instrument to pool investment in cybersecurity research, technology and industrial development and to implement relevant projects and initiatives together with the Cybersecurity Competence Network. It should deliver cybersecurity-related financial support from the Horizon Europe and Digital Europe programmes, and should be open to the European Defence Fund, European Regional Development Fund and other programmes where appropriate. This approach should contribute to creating synergies and coordinating financial support related to EU initiatives in the field of civil R&D, cybersecurity research, innovation, technology and industrial development and avoiding duplication.

Amendment 47 #

Proposal for a regulation
Recital 8

(8) The Competence Centre should be the Union's main instrument to pool investment in cybersecurity research, technology and industrial development and to implement relevant projects and initiatives together with the Cybersecurity Competence Network. It should deliver cybersecurity-related financial support from the Horizon Europe and Digital Europe programmes, as well as from the European Defence Fund for actions and administrative costs related to defence, and should be open to the European Regional Development Fund and other programmes where appropriate. This approach should contribute to creating synergies and coordinating financial support related to cybersecurity research, innovation, technology and industrial development and avoiding duplication.

Amendment 48 #

Proposal for a regulation
Recital 8 a (new)

(8 a) The Competence Centre should contribute to the security of ICT technology that is challenged by a constant evolution of threats and by the advancement of the technology itself. That is why security cannot simply be established, but should be understood as a process, incorporating the principle of “security by design” in the development of ICT technology. “Security by design” as established in Commission Joint Communication of 13 September 2017 entitled “Resilience, Deterrence and Defence: Building strong cybersecurity for the EU” includes state-of-the-art methods to increase security, at all stages of the lifecycle of a product or service, starting with secure design and development methods, reducing the attack surface, and incorporating adequate security testing and security audits. For the duration of operation and maintenance, producers or providers need to make available updates remedying new vulnerabilities or threats without delay, for the estimated lifetime of a product and beyond. This can also be achieved by enabling third parties to create and provide such updates. The provision of updates is especially necessary in the case of commonly used infrastructures, products and processes.

Amendment 49 #

Proposal for a regulation
Recital 8 a (new)

(8 a) In view of the extent of the cybersecurity challenge and in view of the investments made in cybersecurity capacities and capabilities in other parts of the world, the Union and its Member States should step up their financial support to research, development and deployment in this area. In order to realise economies of scale and achieve a comparable level of protection across the union, the Member States should put their efforts into a European framework by investing through the Competence Centre mechanism where relevant.

Amendment 50 #

Proposal for a regulation
Recital 8 b (new)

(8 b) “Security by design” as a principle should also influence formal as well as non-formal standardisation processes, where a common practice in non-formal standardisation is the creation of reference implementations, published under free and open licences. The secure design of, in particular, reference implementations is crucial for the overall reliability and resilience of commonly used network and information system infrastructure like the internet.

Amendment 51 #

Proposal for a regulation
Recital 9

(9) Taking into account that the objectives of this initiative can be best achieved if all Member States or as many Member States as possible ~~participa~~contribute, and as an incentive for Member States to take part, only Member States who contribute financially to the administrative and operational costs of the Competence Centre should hold voting rights.

Amendment 52 #

Proposal for a regulation
Recital 12

(12) National Coordination Centres should be selected by Member States. In addition to the necessary administrative capacity, Centres should either possess or have direct access to cybersecurity technological expertise in cybersecurity, notably in domains such as cryptography, ICT security services, intrusion detection, system security, network security, software and application security, or human and societal aspects of security and privacy. They should also have the capacity to effectively engage and coordinate with the industry, the public sector, including authorities designated pursuant to the Directive (EU) 2016/1148 of the European Parliament and of the Council23 , and the research community. In addition, awareness shall be raised amongst the general public about cybersecurity through appropriate communicative means. _________________ 23 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).

Amendment 53 #

Proposal for a regulation
Recital 12

(12) National Coordination Centres should be selected by Member States. In addition to the necessary administrative capacity, Centres should either possess or have direct access to cybersecurity technological expertise in cybersecurity, notably in domains such as cryptography, ICT security services, intrusion detection, system security, network security, software and application security, or human, ethical and societal aspects of security and privacy. They should also have the capacity to effectively engage and coordinate with the industry, the public sector, including authorities designated pursuant to the Directive (EU) 2016/1148 of the European Parliament and of the Council23 , and the research community. _________________ 23 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).

Amendment 54 #

Proposal for a regulation
Recital 14

(14) Emerging technologies such as artificial intelligence, Internet of Things, high-performance computing (HPC) and quantum computing, ~~blockchain and~~as well as concepts such as secure digital identities create at the same time new challenges for cybersecurity as well as offer solutions. Assessing and validating the robustness of existing or future ICT systems will require testing security solutions against attacks run on HPC and quantum machines. The Competence Centre, the Network and the Cybersecurity Competence Community should help advance and disseminate the latest cybersecurity solutions. At the same time the Competence Centre and the Network should be at the service of developers and operators in critical sectors such as transport, energy, health, financial, government, telecom, manufacturing, ~~defence,~~ and space to help them solve their cybersecurity challenges.

Amendment 55 #

Proposal for a regulation
Recital 15

(15) The Competence Centre should have several key functions. First, the Competence Centre should facilitate and help coordinate the work of the European Cybersecurity Competence Network and nurture the Cybersecurity Competence Community. The Centre should drive the cybersecurity technological agenda and facilitate access to the expertise gathered in the Network and the Cybersecurity Competence Community. Secondly, it should implement relevant parts of Digital Europe and Horizon Europe programmes as well as of the European Defence Fund, by allocating grants, typically following a competitive call for proposals. Thirdly, the Competence Centre should facilitate joint investment by the Union, Member States and/or industry.

Amendment 56 #

Proposal for a regulation
Recital 17

(17) In order to respond to the needs of both demand and supply side industries, the Competence Centre's task to provide cybersecurity knowledge and technical assistance to industries should refer to both ICT products, processes and services and all other industrial and technological products and solutions in which cybersecurity is to be embedded.

Amendment 57 #

Proposal for a regulation
Recital 18

(18) ~~Whereas the Competence Centre and the Network should strive to achieve synergies between the cybersecurity civilian and defence spheres, p~~Projects financed by the Horizon Europe Programme will be implemented in line with Regulation XXX [Horizon Europe Regulation], which provides that research and innovation activities carried out under Horizon Europe shall have a focus on civil applications.

Amendment 58 #

Proposal for a regulation
Recital 18 a (new)

(18 a) Where an applicant for funding under Horizon Europe excludes non-civil applications in development, research, education or other activities, this should not lead to a disadvantage.

Amendment 59 #

Proposal for a regulation
Recital 20 a (new)

(20 a) Given that with ENISA there is already another dedicated EU cybersecurity agency, the Competence Centre Governing Board should ensure that ENISA is consulted on all the Centre's relevant activities, to create synergies;

Amendment 60 #

Proposal for a regulation
Recital 21

(21) In view of their respective expertise in cybersecurity, the Joint Research Centre of the Commission as well as the European Network and Information Security Agency (ENISA) should play an active part in the Cybersecurity Competence Community and the Industrial and Scientific Advisory Board, in order to ensure synergies.

Amendment 61 #

Proposal for a regulation
Recital 22

(22) Where they receive a financial contribution from the general budget of the Union, the National Coordination Centres and the entities which are part of the Cybersecurity Competence Community should publicise the fact that the respective activities are undertaken in the context of the present initiative and are of civilian nature.

Amendment 62 #

Proposal for a regulation
Recital 24

(24) The Governing Board of the Competence Centre, composed of the Member States and the Commission, should define the general direction of the Competence Centre’s operations, and ensure that it carries out its tasks in accordance with this Regulation. The Governing Board should be entrusted with the powers necessary to establish the budget, verify its execution, adopt the appropriate financial rules, establish transparent working procedures for decision making by the Competence Centre, adopt the Competence Centre’s work plan and multiannual strategic plan reflecting the priorities in achieving the objectives and tasks of the Competence Centre, adopt its rules of procedure, appoint the Executive Director and decide on the extension of the Executive Director’s term of office and on the termination thereof. ENISA should be a permanent observer in the Governing Board.

Amendment 63 #

Proposal for a regulation
Recital 25 a (new)

(25 a) The commission should have sufficient weight in the decisions of the Governing Board, in line with its responsibility to ensure proper management of the Union budget as laid down in the Treaties.

Amendment 64 #

Proposal for a regulation
Recital 27

(27) The Competence Centre should have an Industrial and Scientific Advisory Board as an advisory body to ensure regular dialogue with the private sector, consumers’ organisations and other relevant stakeholders. A minimum number of seats shall be allocated to each category of these relevant stakeholders which should include but not be limited to, industry professionals dealing with areas of cybersecurity, academics and research professionals, and relevant civil society bodies. The Industrial and Scientific Advisory Board should focus on issues relevant to stakeholders and bring them to the attention of the Competence Centre's Governing Board. The composition of the Industrial and Scientific Advisory Board and the tasks assigned to it, such as being consulted regarding the work plan, should ensure sufficient representation of stakeholders in the work of the Competence Centre.

Amendment 65 #

Arndt KOHN, Nicola DANTI

Proposal for a regulation
Recital 27

(27) The Competence Centre should have an Industrial and Scientific Advisory Board as an advisory body to ensure regular dialogue with the private sector, consumers’ organisations and other relevant stakeholders. The Industrial and Scientific Advisory Board should focus on issues relevant to stakeholders and bring them to the attention of the Competence Centre's Governing Board. The composition of the Industrial and Scientific Advisory Board and the tasks assigned to it, such as being consulted regarding the work plan, should ensure sufficient representation of stakeholders in the work of the Competence Centre. A minimum number of seats should be allocated to each category of industry stakeholders, with particular attention paid to the representation of SMEs.

Amendment 66 #

Proposal for a regulation
Recital 29

(29) The Competence Centre should have in place rules regarding the prevention ~~and the management~~, identification and resolution of conflicts of interest in respect of its members, bodies and staff, the Governing Board, as well as the Scientific and Industrial Advisory Board, and the Community. Member States should ensure the prevention, identification, and resolution of conflicts of interest in respect of the National Coordination Centres. The Competence Centre should also apply the relevant Union provisions concerning public access to documents as set out in Regulation (EC) No 1049/2001 of the European Parliament and of the Council24 . Processing of personal data by the Competence Centre will be subject to Regulation (EU) No XXX/2018 of the European Parliament and of the Council. The Competence Centre should comply with the provisions applicable to the Union institutions, and with national legislation regarding the handling of information, in particular sensitive non classified information and EU classified information. _________________ 24 Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

Amendment 67 #

Proposal for a regulation
Recital 31

(31) The Competence Centre should operate in an open and transparent way ~~providing all relevant~~comprehensively providing information in a timely manner as well as promoting its activities, including information and dissemination activities to the wider public. It should provide the public and any interested parties with a list of the Cybersecurity Competence Community members and should make public the declarations of interest made by them in accordance with Article 42. The rules of procedure of the bodies of the Competence Centre should be made publicly available.

Amendment 68 #

Proposal for a regulation
Recital 31 a (new)

(31 a) It is advisable that both the Competence Centre and the National Coordination Centres monitor and follow the international standards as much as possible, in order to encourage development towards global best practices;

Amendment 69 #

Proposal for a regulation
Recital 31 a (new)

(31 a) The European Cybersecurity Community can benefit from representing the diversity of society at large, and should achieve a balanced representation of genders, ethnic diversity, and disabled persons.

Amendment 70 #

Proposal for a regulation
Article 1 – paragraph 2

2. The Competence Centre shall contribute to the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] thereof ~~and~~, of the Horizon Europe Programme established by Regulation No XXX and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme] and of the European Defence Fund established by Regulation No XXX.

Amendment 71 #

Proposal for a regulation
Article 1 – paragraph 2 a (new)

2 a. The Competence Centre shall contribute to the overall resilience in the Union towards cybersecurity threats. This can be achieved by raising the awareness for cybersecurity threats, by developing competences, capacities, capabilities throughout the Union, thoroughly taking into account the interplay of hardware and software infrastructure, networks, products and processes, and the societal and ethical implications and concerns.

Amendment 72 #

Proposal for a regulation
Article 1 – paragraph 3

~~3. The seat of the Competence Centre shall be located in [Brussels, Belgium.]~~deleted (The amendment is of technical nature, sentence is moved into Article 44.)

Amendment 73 #

Proposal for a regulation
Article 1 – paragraph 4

4. The Competence Centre shall have legal personality. In each Member State, it shall enjoy the most extensive legal capacity accorded to legal persons under the laws of that Member State. It may, in particular, acquire or dispose of movable and immovable property and may be a party to legal proceedings.deleted (This amendment is of technical nature. The paragraph is moved into Article 38a (new).)

Amendment 74 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1

(1) 'cybersecurity' means the process of the protection of network and information systems, their users, and other persons against ~~cyber threat~~threats from network and information systems and their users;

Amendment 75 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1

(1) 'cybersecurity' means the protection of networks, infrastructure and information systems, their users, and other persons against cyber threats;

Amendment 76 #

Proposal for a regulation
Article 2 – paragraph 1 – point 2

(2) '~~cybersecurity~~ products and ~~solution~~processes' means commercial and non-commercial ICT products, services or processes with the specific purpose of protecting network and information systems, their users and ~~affected~~other persons from cyber ~~threats;~~security threats, including Free and Open Source Software products, services or processes; (This amendment, replacing “solutions” with “products and processes”, applies throughout the text. Adopting it will necessitate corresponding changes throughout.)

Amendment 77 #

Proposal for a regulation
Article 2 – paragraph 1 – point 3

(3) 'public authority' means any government or other public administration, including public advisory bodies, at national, regional or local level or any natural or legal person performing public administrative functions under national and Union law, including specific duties;

Amendment 78 #

Proposal for a regulation
Article 2 – paragraph 1 – point 3

Amendment 79 #

(4 a) ‘industry’ means the industry providing products, processes, and services addressing cybersecurity demands and requirements, including SMEs, microenterprises, and individual experts.

Amendment 80 #

Proposal for a regulation
Article 2 – paragraph 1 – point 4 b (new)

(4 b) ‘stakeholders’ mean the industry, public entities and other entities dealing with operational and technical matters in the area of cybersecurity; civil society, in particular consumer associations, and the Free and Open Source Software community; the academic and research community;

Amendment 81 #

Proposal for a regulation
Article 2 – paragraph 1 – point 4 c (new)

(4 c) ‘civic tech projects’ means non- commercial and pre-commercial projects making use of open standards, Open Data, and Free and Open Source Software, in the interest of society and the public good, in particular where they do not have access to sufficient, steady financial support;

Amendment 82 #

Proposal for a regulation
Article 3 – paragraph 1 – point a

(a) retain and develop the cybersecurity technological and industrial capacities necessary to secure its Digital Single Market, increasing the trust of European consumers and citizens;

Amendment 83 #

Proposal for a regulation
Article 3 – paragraph 1 – point a

(a) retain and develop the cybersecurity technological ~~and industrial~~, academic and research, societal and industrial capabilities and capacities necessary to secure its Digital Single Market;

Amendment 84 #

Proposal for a regulation
Article 3 – paragraph 1 – point a

(a) retain and develop the cybersecurity technological and industrial capacities necessary to secure, rather than fragment, its Digital Single Market;

Amendment 85 #

Proposal for a regulation
Article 3 – paragraph 1 – point a

(a) retain and develop the cybersecurity technological and industrial capacities necessary to secure and develop its Digital Single Market;

Amendment 86 #

Proposal for a regulation
Article 3 – paragraph 1 – point a

(a) ~~retain and~~ develop the civilian cybersecurity technological ~~and~~, industrial ~~capacities necessary to secure its Digital Single Market~~, societal, academic and research capacities and capabilities;

Amendment 87 #

Proposal for a regulation
Article 3 – paragraph 1 – point a a (new)

(a a) increase the resilience and reliability of the civilian infrastructure of network and information systems, the Internet and commonly used hardware and software in the Union;

Amendment 88 #

Proposal for a regulation
Article 3 – paragraph 1 – point a a (new)

(a a) Support, facilitate and accelerate standardisation and certification processes;

Amendment 89 #

Arndt KOHN, Nicola DANTI

Proposal for a regulation
Article 3 – paragraph 1 – point a a (new)

(a a) Increase European digital autonomy in respect to cybersecurity

Amendment 90 #

Proposal for a regulation
Article 3 – paragraph 1 – point b

(b) increase the competitiveness of the Union's cybersecurity industry and turn cybersecurity into competitive advantage of other Union industries, giving it a firm foundation and making it a key player in the fight against cyber-attacks.

Amendment 91 #

Proposal for a regulation
Article 3 – paragraph 1 – point b

(b) increase the competitiveness of the Union's civilian cybersecurity industry and turn cybersecurity into a competitive advantage of other Union industries.

Amendment 92 #

Proposal for a regulation
Article 3 – paragraph 1 – point b a (new)

(b a) raise the awareness for cybersecurity threats, and related societal and ethical implications and concerns in the Union;

Amendment 93 #

Proposal for a regulation
Article 3 – paragraph 1 – point b a (new)

(b a) increase and secure the European digital autonomy in cybersecurity.

Amendment 94 #

Proposal for a regulation
Article 4 – paragraph 1 – point 1

1. ~~facilitate and help coordinate the work of~~create, manage, and facilitate the National Coordination Centres Network (‘the Network’) referred to in Article 6 and the Cybersecurity Competence Community ('the Community') referred to in Article 8; (The term "Cybersecurity Competence Community" can be shortened to "the Community" throughout the text.)

Amendment 95 #

Proposal for a regulation
Article 4 – paragraph 1 – point 2

2. contribute to the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX26 and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] ~~and~~, of the Horizon Europe Programme established by Regulation No XXX27 and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme]., of the European Defence Fund established by Regulation No XXX and of other Union programmes when provided for in legal acts of the Union]; _________________ 26 [add full title and OJ reference] 27 [add full title and OJ reference]

Amendment 96 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – introductory part

3. enhance cybersecurity resilience, capabilities, knowledge and infrastructures at the service of society, industries, the public sector and research communities, by carrying out the following tasks, having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services:

Amendment 97 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – introductory part

3. enhance cybersecurity capacities and capabilities, knowledge and infrastructures at the service of industries, the public sector and research communities, and raise awareness of how effective cybersecurity can reduce societal and ethical threats to the Union, by carrying out the following tasks:

Amendment 98 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – introductory part

3. enhance cybersecurity capabilities, knowledge and infrastructures at the service of industries, services, the public sector and research communities, by carrying out the following tasks:

Amendment 99 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point a

(a) ~~having regard to the state-of-the- art cybersecurity industrial and research infrastructures and related services ,~~ acquiring, upgrading, operating and making available ~~such infrastructur~~own facilities and related services to a wide range of users a~~cross the Union from industry including SMEs, the public sector and the research and scientific community~~nd stakeholders;

source: 632.037

2019/01/17 ITRE 257 amendments...

Amendment 114 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 1

(1) Our daily lives and economies become increasingly dependent on digital technologies, citizens become more and more exposed to serious cyber incidents. Future security depends, among others, on enhancing technological and industrial ability in terms of people, processes and technology to protect the Union against constantly evolving cyber threats, as both civilian infrastructure and military capacities rely on secure digital systems.

Amendment 115 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 1 a (new)

(1a) Cybercrime is a fast growing threat to the Union, its citizens and its economy. In 2017, 80 % of the European companies have experienced at least one cyber incident. The Wannacry-attack in May 2017 affected more than 150 countries and 230 000IT-systems and had significant impacts on critical infrastructures such as hospitals. This underlines the necessity for the highest cybersecurity standards and holistic cybersecurity solutions, involving people, products, processes and technology in the Union, as well as for European leadership in the matter, and for Digital autonomy.

Amendment 116 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 1 b (new)

(1b) This regulation contributes to the protection of the environment through the protection of environment-relevant infrastructures and networks such as nuclear infrastructures.

Amendment 117 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 1 c (new)

(1c) This regulation contributes to the achievement of the Sustainable Development Goals, in particular to the goal “Industry, innovation and infrastructure”.

Amendment 118 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 1 d (new)

(1d) The Competence Centre and the Cybersecurity Competence Community should, in order to foster European competitiveness and highest cybersecurity standards internationally, seek the exchange on cybersecurity solutions, products and standards with the international community.

Amendment 119 #

Proposal for a regulation
Recital 5

(5) Substantial disruption of network and information systems can affect individual Member States and the Union as a whole. The highest level of security of network and information systems throughout the Union is therefore essential for the smooth functioning of the society and economy, i.e. the internal market. At the moment, the Union depends on non-European cybersecurity providers. However, it is in the Union’s strategic interest to ensure that it retains and develops essential cybersecurity technological capacities to secure ~~its Digital Single Market, and in particular to protect critical networks and information systems~~the protection of data and critical networks and information systems of European citizens and companies, including critical infrastructures for the functioning of society such as transport systems, health systems and banking, and the Digital Single Market and to provide key cybersecurity services.

Amendment 120 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 6

(6) A wealth of expertise and experience in cybersecurity research, technology and industrial development exists in the Union but the efforts of industrial and research communities are fragmented, lacking alignment and a common mission, which hinders competitiveness and effective protection of critical data, networks and systems in this domain. These efforts and expertise need to be pooled, networked and used in an efficient manner to reinforce and complement existing research, technology, skills and industrial capacities at Union and national levels.

Amendment 121 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO

Proposal for a regulation
Recital 6 a (new)

(6a) SMEs are crucial actors in the European cybersecurity sector that can provide cutting-edge solutions due to their agility. SMEs that are not specialised in cybersecurity however, are also prone to be more vulnerable to cyber incidents due to high investment and knowledge requirements to establish effective cybersecurity solutions. It is therefore necessary that the Competence Centre and the Cybersecurity Competence Network provide special support for SMEs by facilitating their access to knowledge and training in order to allow them to secure themselves sufficiently and to allow those who are active in cybersecurity to contribute to the European leadership in the field.

Amendment 122 #

Proposal for a regulation
Recital 8

(8) The Competence Centre should be the Union’s main instrument to develop European leadership in cybersecurity, to pool investment in cybersecurity research, technology and industrial development, to support SMEs in gathering expertise in cybersecurity and to implement relevant projects and initiatives together with the Cybersecurity Competence Network. It should deliver cybersecurity-related financial support from the Horizon Europe ~~and~~, Digital Europe programmes and the European Defence Fund for actions related to defence, and should be open to the European Regional Development Fund and other programmes where appropriate. This approach should contribute to creating synergies and coordinating financial support related to cybersecurity research, innovation, technology and industrial development and avoiding duplication.

Amendment 123 #

Proposal for a regulation
Recital 8

(8) The Competence Centre should be the Union’s main instrument to pool investment in cybersecurity research, technology, especially quantum technologies, and industrial development and to implement relevant projects and initiatives together with the Cybersecurity Competence Network. It should deliver cybersecurity-related financial support from the Horizon Europe and Digital Europe programmes, and should be open to the European Regional Development Fund and other programmes where appropriate. This approach should contribute to creating synergies and coordinating financial support related to cybersecurity research, innovation, technology and industrial development and avoiding duplication.

Amendment 124 #

Clare MOODY

Proposal for a regulation
Recital 8

(8) The Competence Centre should be the Union’s main instrument to pool investment in cybersecurity research, technology and industrial development and to implement relevant projects and initiatives together with the Cybersecurity Competence Network. It should deliver cybersecurity-related financial support from the Horizon Europe and Digital Europe programmes, and should be open to the European Regional Development Fund, European Defence Fund and other programmes where appropriate. This approach should contribute to creating synergies and coordinating financial support related to cybersecurity research, innovation, technology and industrial development and avoiding duplication.

Amendment 125 #

Proposal for a regulation
Recital 8 a (new)

(8a) The enhancement of dual use application of cybersecurity technologies for cybersecurity purposes is without prejudice to the civilian nature of this Regulation and should therefore reflect specificities of Member States in cases when cybersecurity policy is pursued by civil-military or military authorities, and ensure complementarity but not overlap to the cyber defence related funding instruments.

Amendment 126 #

Proposal for a regulation
Recital 9

Amendment 127 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 12

(12) National Coordination Centres should be selected by Member States and approved by the Competence Centre. In addition to the necessary administrative capacity, Centres should either possess or have direct access to cybersecurity technological expertise in cybersecurity, notably in domains such as cryptography, ICT security services, intrusion detection, system security, network security, software and application security, or human ~~and socie~~, societal and environmental aspects of security and privacy. They should also have the capacity to effectively engage and coordinate with the industry, the public sector, including authorities designated pursuant to the Directive (EU) 2016/1148 of the European Parliament and of the Council23 , and the research community in order to establish a continuous public- private dialogue on cybersecurity. _________________ 23 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).

Amendment 128 #

Proposal for a regulation
Recital 12

(12) National Coordination Centres should be selected by Member States. In addition to the necessary administrative capacity, Centres should either possess or have direct access to cybersecurity technological expertise in cybersecurity, notably in domains such as cryptography, ICT security services, intrusion detection, system security, network security, software and application security, or human and societal aspects of security and privacy. They should also have the capacity to effectively engage and coordinate with the industry, including SMEs, the public sector, including authorities designated pursuant to the Directive (EU) 2016/1148 of the European Parliament and of the Council23 , and the research community. _________________ 23 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).

Amendment 129 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 14

(14) Emerging technologies such as artificial intelligence, Internet of Things, high-performance computing (HPC) and quantum computing, blockchain and concepts such as secure digital identities create at the same time new challenges for cybersecurity as well as offer solutions. Additional challenges exist in the form of algorithmic bias, particularly in social media. Assessing and validating the robustness of existing or future ICT systems will require testing security solutions against attacks run on HPC and quantum machines. The Competence Centre, the Network and the Cybersecurity Competence Community should help advance and disseminate the latest cybersecurity solutions and assist with the attribution of cyber attacks, where they take place. At the same time the Competence Centre and the Network should be at the service of developers and operators in critical sectors such as transport, energy, health, financial, government, telecom, manufacturing, defence, and space to help them solve their cybersecurity challenges.

Amendment 130 #

Proposal for a regulation
Recital 14

(14) Emerging technologies such as artificial intelligence, Internet of Things, high-performance computing (HPC) and quantum computing, blockchain and concepts such as secure digital identities create at the same time new challenges for cybersecurity as well as offer solutions. Assessing and validating the robustness of existing or future ICT systems will require testing security solutions against attacks run on HPC and quantum machines. The Competence Centre, the Network and the Cybersecurity Competence Community should help advance and disseminate the latest cybersecurity solutions and research to bridge the valley of death of innovation of cybersecurity technologies and services. At the same time the Competence Centre ~~and~~, the Network and the Cybersecurity Competence Community should be at the service of developers and operators in critical sectors such as transport, energy, health, financial, government, telecom, manufacturing, defence, and space to help them solve their cybersecurity challenges.

Amendment 131 #

Proposal for a regulation
Recital 14

(14) Emerging technologies such as artificial intelligence, Internet of Things, high-performance computing (HPC) and quantum computing, blockchain and concepts such as secure digital identities create at the same time new challenges for cybersecurity as well as offer solutions. Assessing and validating the robustness of existing or future ICT systems will require testing security solutions against attacks run on HPC and quantum machines. The Competence Centre, the Network and the Cybersecurity Competence Community should help advance and disseminate the latest cybersecurity solutions, in particular those that help organizations to be in a constant state of building capacity, resilience and appropriate governance. . At the same time the Competence Centre and the Network should be at the service of developers and operators in critical sectors such as transport, energy, health, financial, government, telecom, manufacturing, defence, and space to help them solve their cybersecurity challenges.

Amendment 132 #

Proposal for a regulation
Recital 14

(14) Emerging technologies such as artificial intelligence, Internet of Things, high-performance computing (HPC) and quantum computing, blockchain and concepts such as secure digital identities create at the same time new challenges for cybersecurity as well as offer solutions. Assessing and validating the robustness of existing or future ICT systems will require testing security solutions against attacks run on HPC and quantum machines. The Competence Centre, the Network and the Cybersecurity Competence Community should help advance and disseminate the latest cybersecurity solutions. At the same time the Competence Centre and the Network should be at the service of developers and operators in the critical sectors ~~such as~~of transport, energy, health, financial, government, telecom, manufacturing, defence, and space to help them solve their cybersecurity challenges, including the theft of intellectual property and industrial espionage undertaken with IT tools.

Amendment 133 #

Proposal for a regulation
Recital 14

(14) Emerging technologies such as artificial intelligence, Internet of Things, high-performance computing (HPC) and quantum computing, blockchain and concepts such as secure digital identities create at the same time new challenges for cybersecurity as well as offer solutions. Assessing and validating the robustness of existing or future ICT systems will require testing security solutions against attacks run on HPC and quantum machines. The Competence Centre, the Network, the European Digital Innovation Hubs and the Cybersecurity Competence Community should help advance and disseminate the latest cybersecurity solutions. At the same time the Competence Centre and the Network should be at the service of developers and operators in critical sectors such as transport, energy, health, financial, government, telecom, manufacturing, defence, and space to help them solve their cybersecurity challenges.

Amendment 134 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 14

(14) Emerging technologies such as artificial intelligence, Internet of Things, high-performance computing (HPC) and quantum computing, blockchain and concepts such as secure digital identities create at the same time new challenges for cybersecurity as well as offer solutions. Assessing and validating the robustness of existing or future ICT systems will require testing security solutions against attacks run on HPC and quantum machines. The Competence Centre, the Network and the Cybersecurity Competence Community should help advance and disseminate the latest cybersecurity solutions including dual use. At the same time the Competence Centre and the Network should be at the service of developers and operators in critical sectors such as transport, energy, health, financial, government, telecom, manufacturing, defence, and space to help them solve their cybersecurity challenges.

Amendment 135 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 14 a (new)

(14a) Due to the fast changing nature of cyber threats and cybersecurity, the Union needs to be able to adapt fast and continuously to new developments in the field. Hence, the Competence Centre, the Cybersecurity Competence Network and the Cybersecurity Competence Community should be flexible enough to ensure the required reactivity. They should facilitate solutions that help entities to be able to constantly build capability to enhance their and the Union’s resilience.

Amendment 136 #

Proposal for a regulation
Recital 14 b (new)

(14b) The Competence Centre should have the objectives to establish European leadership and expertise in cybersecurity, and by that guarantee the highest security standards in the Union, ensure the protection of data, information systems, networks and critical infrastructures in the Union, create new high-quality jobs in the area, prevent brain drain from the European cybersecurity experts to third countries, and add European value to the already existing national cybersecurity measures.

Amendment 137 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO

Proposal for a regulation
Recital 15

(15) The Competence Centre should have several key functions. First, the Competence Centre should facilitate and help coordinate the work of the European Cybersecurity Competence Network and nurture the Cybersecurity Competence Community. The Centre should drive the cybersecurity technological agenda and pool, share and facilitate access to the expertise gathered in the Network and the Cybersecurity Competence Community, and to cybersecurity infrastructure. Secondly, it should implement relevant parts of Digital Europe and Horizon Europe programmes by allocating grants, typically following a competitive call for proposals. Thirdly, the Competence Centre should facilitate joint investment ~~by the Union, Member States and/or industr~~, training opportunities and awareness raising programmes in line with the Digital Europe Programme for citizens and businesses to overcome the skill gap by the Union, Member States and/or industry. It should pay special attention to the enabling of SMEs in the area of cybersecurity.

Amendment 138 #

Proposal for a regulation
Recital 15

(15) The Competence Centre should have several key functions. First, the Competence Centre should facilitate and help coordinate the work of the European Cybersecurity Competence Network and nurture the Cybersecurity Competence Community. The Centre should drive the cybersecurity technological agenda ~~and~~by facilitateing access to the expertise gathered in the Network and the Cybersecurity Competence Community and launching awareness campaigns aimed in particular at SMEs. Secondly, it should implement relevant parts of Digital Europe and Horizon Europe programmes by allocating grants, typically following a competitive call for proposals. Thirdly, the Competence Centre should facilitate joint investment by the Union, Member States and/or industry.

Amendment 139 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO

Proposal for a regulation
Recital 15

(15) The Competence Centre should have several key functions. First, the Competence Centre should facilitate and help coordinate the work of the European Cybersecurity Competence Network and nurture the Cybersecurity Competence Community. The Centre should drive the cybersecurity technological agenda and facilitate access to the expertise gathered in the Network and the Cybersecurity Competence Community. Secondly, it should implement relevant parts of Digital Europe and Horizon Europe programmes by allocating grants, ~~typically~~especially in the field of quantum technologies, following a competitive call for proposals. Thirdly, the Competence Centre should facilitate joint investment by the Union, Member States and/or industry.

Amendment 140 #

Clare MOODY

Proposal for a regulation
Recital 15

(15) The Competence Centre should have several key functions. First, the Competence Centre should facilitate and help coordinate the work of the European Cybersecurity Competence Network and nurture the Cybersecurity Competence Community. The Centre should drive the cybersecurity technological agenda and facilitate access to the expertise gathered in the Network and the Cybersecurity Competence Community. Secondly, it should implement relevant parts of Digital Europe ~~and~~, Horizon Europe and European Defence Fund programmes by allocating grants, typically following a competitive call for proposals. Thirdly, the Competence Centre should facilitate joint investment by the Union, Member States and/or industry.

Amendment 141 #

Proposal for a regulation
Recital 16

(16) The Competence Centre should stimulate and support the long-term strategic cooperation and coordination of the activities of the Cybersecurity Competence Community, which would involve a large, open, interdisciplinary and diverse group of European actors involved in cybersecurity technology. That Community should include in particular research entities, supply-side industries, and demand -side industries including SMEs, and the public sector. The Cybersecurity Competence Community should provide input to the activities and work plan of the Competence Centre and it should also benefit from the community- building activities of the Competence Centre and the Network, but otherwise should not be privileged with regard to calls for proposals or calls for tender.

Amendment 142 #

Proposal for a regulation
Recital 16 a (new)

(16a) The Competence Centre should provide the appropriate support to ENISA in its tasks defined by Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (“NIS Directive”) and to the Regulation (EU) 2018/XXX of the European Parliament and of the Council of YYY on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (“Cybersecurity Act”). Therefore, ENISA should provide relevant inputs to the Competence Centre in its task of defining funding priorities.

Amendment 143 #

Proposal for a regulation
Recital 17

(17) In order to respond to the needs of both demand and supply side industries, the Competence Centre’s task to provide cybersecurity knowledge and technical assistance to industries should refer to both ICT products and services and all other industrial and technological products and solutions in which cybersecurity is to be embedded. In particular, the Competence Centre should facilitate the deployment of dynamic enterprise-level solutions focused on building capabilities of entire organizations, including people, processes and technology, in order to effectively protect the organizations against constantly changing cyber threats.

Amendment 144 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 17

(17) In order to respond to the needs of the public sector and both demand and supply side industries, the Competence Centre’s task to provide cybersecurity knowledge and technical assistance to the public sector and industries should refer to both ICT products and services and all other industrial and technological products and solutions in which cybersecurity is to be embedded.

Amendment 145 #

Proposal for a regulation
Recital 17

Amendment 146 #

Proposal for a regulation
Recital 17

Amendment 147 #

Proposal for a regulation
Recital 18

(18) Whereas the Competence Centre and the Network should strive to achieve synergies between the cybersecurity civilian and defence spheres in line with the Union goals as laid out by Common Foreign and Security Policy and the Permanent Structured Cooperation, projects financed by the Horizon Europe Programme will be implemented in line with Regulation XXX [Horizon Europe Regulation], which provides that research and innovation activities carried out under Horizon Europe shall have an exclusive focus on civil applications. Actions enhancing such synergies shall therefore be co-funded through the European Defence Fund.

Amendment 148 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 18

(18) Whereas the Competence Centre and the Network should strive to achieve synergies and coordination between the cybersecurity civilian and defence spheres, projects financed by the Horizon Europe Programme will be implemented in line with Regulation XXX [Horizon Europe Regulation], which provides that research and innovation activities carried out under Horizon Europe shall have a focus on civil applications.

Amendment 149 #

Proposal for a regulation
Recital 19

(19) In order to ensure structured and sustainable collaboration, the relation between the Competence Centre and the National Coordination Centres should be based on a contractual agreement that should be harmonised on European level.

Amendment 150 #

Paul RÜBIG, Angelika NIEBLER, Pilar DEL CASTILLO VERA

Proposal for a regulation
Recital 20

(20) Appropriate provisions should be made to guarantee the liability and transparency of the Competence Centre and those undertakings receiving funding.

Amendment 151 #

Proposal for a regulation
Recital 20 a (new)

(20a) The implementation of deployment projects, in particular those relating to infrastructures and capabilities deployed at European level or in joint procurement, can be divided into different phases of implementation, such as separate tenders for the architecture of hard- and software, their production and their operation and maintenance, whereas companies may only participate in one of the phases each and requiring that the beneficiaries in one or several of those phases meet certain conditions in terms of European ownership or control.

Amendment 152 #

Angelika NIEBLER

Proposal for a regulation
Recital 20 a (new)

(20a) With regard to the existing cybersecurity agency ENISA, the Competence Centre should seek the greatest possible synergies with ENISA.

Amendment 153 #

Proposal for a regulation
Recital 21

Amendment 154 #

Proposal for a regulation
Recital 21

(21) In view of their respective expertise in cybersecurity, the Joint Research Centre of the Commission as well as the European Network and Information Security Agency (ENISA) should play by ensuring synergies an active part in the Cybersecurity Competence Community and the Industrial and Scientific Advisory Board.

Amendment 155 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 21 a (new)

(21a) In order to avoid duplication and to ensure the most efficient establishment of cybersecurity expertise in the Union, the Competence Centre, the Network and the Cybersecurity Competence Community should act coherently, consistently and complementary with ENISA, the “Cybersecurity Act”(COM(2017)0477) and the European Standardisation Organisations, bearing in mind that ENISA should continue fulfilling its strategic objectives especially in the field of cybersecurity certification as defined in the “Cybersecurity Act” while the Competence Centre should act as an operational body in cybersecurity.

Amendment 156 #

Proposal for a regulation
Recital 23 a (new)

(23a) Member State co funding to ESIF or any other Union programme other than the Horizon Europe or the Digital Europe programme could be considered part of Member State contribution to the Competence Centre insofar as such funding in allocated to activities within the remit of the Competence Centre missions and tasks.

Amendment 157 #

Proposal for a regulation
Recital 24

(24) The Governing Board of the Competence Centre, composed of the Member States and the Commission, should define the general direction of the Competence Centre’s operations, and ensure that it carries out its tasks in accordance with this Regulation. The Governing Board should be entrusted with the powers necessary to establish the budget, verify its execution, adopt the appropriate financial rules, establish transparent working procedures for decision making by the Competence Centre, adopt the Competence Centre’s work plan and multiannual strategic plan reflecting the priorities in achieving the objectives and tasks of the Competence Centre, adopt its rules of procedure, appoint the Executive Director and decide on the extension of the Executive Director’s term of office and on the termination thereof. In order to benefit from synergies, ENISA should be a permanent observer in the Governing Board and contribute the work of the Competence Centre, including by being consulted on the multi-annual strategic plan and on the work plan and on the list of actions selected for funding.

Amendment 158 #

Pavel TELIČKA

Proposal for a regulation
Recital 24

(24) The Governing Board of the Competence Centre, composed of representatives of the Member States ~~and~~, the Commission and the European Network and Information Security Agency (ENISA), should define the general direction of the Competence Centre’s operations, and ensure that it carries out its tasks in accordance with this Regulation. The Governing Board should be entrusted with the powers necessary to establish the budget, verify its execution, adopt the appropriate financial rules, establish transparent working procedures for decision making by the Competence Centre, adopt the Competence Centre’s work plan and multiannual strategic plan reflecting the priorities in achieving the objectives and tasks of the Competence Centre, adopt its rules of procedure, appoint the Executive Director and decide on the extension of the Executive Director’s term of office and on the termination thereof.

Amendment 159 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 25

(25) In order for the Competence Centre to function properly and effectively, the Commission and the Member States should ensure that persons to be appointed to the Governing Board have appropriate professional expertise and experience in functional areas and that gender balance is ensured. The Commission and the Member States should also make efforts to limit the turnover of their respective Representatives on the Governing Board in order to ensure continuity in its work.

Amendment 160 #

Proposal for a regulation
Recital 25

(25) In order for the Competence Centre to function properly and effectively, the Commission and the Member States should ensure that persons to be appointed to the Governing Board have appropriate professional expertise and experience in functional areas and is gender balanced. The Commission and the Member States should also make efforts to limit the turnover of their respective Representatives on the Governing Board in order to ensure continuity in its work.

Amendment 161 #

Proposal for a regulation
Recital 25 a (new)

(25a) The weight of the Commission vote in the decisions of the Governing Board should be in line with the contribution of the EU budget to the Competence Centre, according to the Commission responsibility to ensure proper management of the Union budget in the Union interest, as set in the Treaties.

Amendment 162 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO

Proposal for a regulation
Recital 26

(26) The smooth functioning of the Competence Centre requires that its Executive Director be appointed onin a transparent manner on the grounds of merit and documented administrative and managerial skills, as well as competence and experience relevant for cybersecurity, and that the duties of the Executive Director be carried out with complete independence.

Amendment 163 #

Proposal for a regulation
Recital 27

(27) The Competence Centre should have an Industrial and Scientific Advisory Board as an advisory body to ensure regular dialogue with the private ~~sector~~and public sector, including SMEs, consumers’ organisations and other relevant stakeholders from all parts of the Union. The Industrial and Scientific Advisory Board should focus on issues relevant to stakeholders and bring them to the attention of the Competence Centre’s Governing Board. The composition of the Industrial and Scientific Advisory Board and the tasks assigned to it, such as being consulted regarding the work plan, should ensure sufficient representation of the above-mentioned stakeholder groups in the work of the Competence Centre.

Amendment 164 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 27

(27) The Competence Centre should have an Industrial and Scientific Advisory Board as an advisory body to ensure regular and appropriately transparent dialogue with the private sector, consumers’ organisations and other relevant stakeholders. The Industrial and Scientific Advisory Board should focus on issues relevant to stakeholders and bring them to the attention of the Competence Centre’s Governing Board. The composition of the Industrial and Scientific Advisory Board and the tasks assigned to it, such as being consulted regarding the work plan, should ensure sufficient representation of stakeholders in the work of the Competence Centre.

Amendment 165 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 28

(28) The Competence Centre and its activities should benefit from the particular expertise and the broad and relevant stakeholders’ representation built through the contractual public-private partnership on cybersecurity during the duration of Horizon2020, ~~through its Industrial and Scientific Advisory Board.~~ and the pilot projects under Horizon2020 on the Cybersecurity Competence Network, through its Industrial and Scientific Advisory Board. The Competence Centre and Industrial and Scientific Advisory Board should, if appropriate, consider replications of existing structures, for example as working groups.

Amendment 166 #

Proposal for a regulation
Recital 33 a (new)

(33a) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission when provided for by this Regulation. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council

Amendment 167 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Recital 34

(34) ~~Since t~~The objectives of this Regulation, namely the development of European leadership in cybersecurity through retaining and developing Union’s cybersecurity technological and industrial capacities, increasing the competitiveness of the Union’s cybersecurity industry and turning cybersecurity into a competitive advantage of other Union industries, cannot be sufficiently achieved by the Member States due the fact that existing, limited resources are dispersed as well as due to the scale of the investment necessary, but can rather by reason of avoiding unnecessary duplication of these efforts, helping to achieve critical mass of investment and ensuring that public financing is used in an optimal way be better achieved at Union level. In addition, only actions on the European level can ensure the highest level of cybersecurity in all Member States and thus close security gaps existing in some Member States that create security gaps for the whole Union. Hence, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.

Amendment 168 #

Proposal for a regulation
Article 1 – paragraph 2

2. The Competence Centre shall contribute to the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] thereof ~~and~~, of the Horizon Europe Programme established by Regulation No XXX and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme], and of the European Defence Fund established by Regulation(EU) No XXX for actions related to defence.

Amendment 169 #

Proposal for a regulation
Article 1 – paragraph 3

3. The seat of the Competence Centre sh~~all be located in [Brussels, Belgium.]~~ould have the pre-selected necessary infrastructure and comply with the federal principle.

Amendment 170 #

Proposal for a regulation
Article 1 – paragraph 3

3. The seat of the Competence Centre shall be ~~located in [Brussels, Belgium.]~~determined by means of a tender procedure, taking into account:

Amendment 171 #

Proposal for a regulation
Article 1 – paragraph 3 – point 1 (new)

(1) the accessibility and duration of travel from the Member States;

Amendment 172 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 1 – paragraph 3 – point 2 (new)

(2) the competence of the applicant Member State in terms of a sound European security policy

Amendment 173 #

Proposal for a regulation
Article 1 – paragraph 4

4. The Competence Centre shall not have a legal personality. In each Member State, it shall enjoy the most extensive legal capacity accorded to legal persons under the laws of that Member State. It may, in particular, acquire or dispose of movable and immovable property and may be a party to legal proceedingst shall be a Task Force set up by the Commission, including by providing appropriate staff for the activities of the Competence Centre as laid down by the present Regulation.

Amendment 174 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Eugen FREUND

Proposal for a regulation
Article 2 – paragraph 1 – point 1

(1) ‘cybersecurity’ means ~~the~~all activities necessary to protect~~ion of~~ network and information systems, their users, and ~~other~~affected persons ~~against~~from cyber threats;

Amendment 175 #

Proposal for a regulation
Article 2 – paragraph 1 – point 1

(1) ‘cybersecurity’ means the pro~~tection of~~cess of protecting network and information systems, their users, and other persons against cyber threats;

Amendment 176 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 2 – paragraph 1 – point 2

(2) ‘cybersecurity products and solutions’ means ICT products, services or processes with the specific purpose of protecting data, network and information systems, their users and affected persons from cyber threats;

Amendment 177 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 2 – paragraph 1 – point 2 a (new)

(2a) ‘cyber threat’ means any potential circumstance, event or action that may damage, disrupt or otherwise adversely impact network and information systems, their users and affected persons;

Amendment 178 #

Proposal for a regulation
Article 2 – paragraph 1 – point 4

~~(4) ‘participating Member State’ means a Member State which voluntarily contributes financially to the administrative and operational costs of the Competence Centre.~~deleted

Amendment 179 #

Jens GEIER

Proposal for a regulation
Article 2 – paragraph 1 – point 4

(4) ‘~~participa~~contributing Member State’ means a Member State which voluntarily contributes financially to the administrative and operational costs of the Competence Centre. and enjoys the right to vote on the Governing Board. (Amendment of “participating” to “contributing” applies throughout the text. Adopting it will necessitate corresponding changes throughout.)

Amendment 180 #

Proposal for a regulation
Article 2 – paragraph 1 – point 4 a (new)

(4a) ‘European Digital Innovation Hubs’ means non-for-profit organisations established by [Regulation 2018/XXX of the European Parliament and of the Council establishing the Digital Europe Programme] which act as a one-stop-shop for industry, including SMEs, public organisations and academia in order to stimulate the broad adoption of digital technologies and provide support in the area of advanced digital skills.

Amendment 181 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 3 – paragraph 1 – point a

(a) retain and develop the cybersecurity technological and industrial capacities and expertise necessary to secure and further the protection of data of European citizens and companies, critical infrastructures for the functioning of society such as transport systems, health systems, banking, and its Digital Single Market;

Amendment 182 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 3 – paragraph 1 – point b a (new)

(ba) develop European leadership in cybersecurity and ensure the highest cybersecurity standards throughout the Union reinforcing its Digital autonomy;

Amendment 183 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 3 – paragraph 1 – point b b (new)

(bb) reinforce the trust of citizens, consumers and businesses in the digital world, and therefore contributing to the goals of the Digital Single Market Strategy;

Amendment 184 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 3 – paragraph 1 – point b c (new)

(bc) increase the uptake of cybersecurity products and solutions developed within the Union;

Amendment 185 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 3 – paragraph 1 – point b d (new)

(bd) raise awareness on cybersecurity and reduce the skill gap in cybersecurity in the Union

Amendment 186 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 3 – paragraph 2

2. The Competence Centre shall undertake its tasks, where appropriate, in collaboration with the Network of National Coordination Centres ~~and a~~, the European Digital Innovation Hubs and the Cybersecurity Competence Community.

Amendment 187 #

Proposal for a regulation
Article 3 a (new)

Article 3 a Coherence, consistency and complemenetarity In implementing this Regulation, consistency, synergies and complementarity with the “Cybersecurity Act” (COM(2017)0477), the European Standardisation Organisations, European bodies and institutions as referred to in Art. 10 of this Regulation, other relevant Programmes of Union action and relevant Union policies shall be ensured. Unnecessary duplications shall be avoided.

Amendment 188 #

Proposal for a regulation
Article 4 – paragraph 1 – point 1

1. ~~facilit~~create and ~~help coordinate the work of~~manage the National Coordination Centres Network (‘the Network’) referred to in Article 6 and coordinate its work with the European Digital Innovation Hubs and the Cybersecurity Competence Community (‘the Community’)referred to in Article 8;

Amendment 189 #

Proposal for a regulation
Article 4 – paragraph 1 – point 1

1. facilitate the creation where necessary and help coordinate the work of the National Coordination Centres Network (‘the Network’) referred to in Article 6 and the Cybersecurity Competence Community referred to in Article 8;

Amendment 190 #

Proposal for a regulation
Article 4 – paragraph 1 – point 2

2. contribute to the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX26 and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] ~~and~~, of the Horizon Europe Programme established by Regulation No XXX27 and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme] and of the European Defence Fund established by Regulation (EU) No XXX. and of other Union programmes when provided for in legal acts of the Union]; _________________ 26 [add full title and OJ reference] 27 [add full title and OJ reference]

Amendment 191 #

Clare MOODY

Proposal for a regulation
Article 4 – paragraph 1 – point 2

2. contribute to the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX26 and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] and of the Horizon Europe Programme established by Regulation No XXX27 and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme]., the European Defence Fund established by Regulation (EU) No XXX and of other Union programmes when provided for in legal acts of the Union]; _________________ 26 27[add full title and OJ reference] [add full title and OJ reference] 27 [add full title and OJ reference] [add full title and OJ reference]

Amendment 192 #

Proposal for a regulation
Article 4 – paragraph 1 – point 2

2. co~~ntribute to~~ordinate the implementation of the cybersecurity part of the Digital Europe Programme established by Regulation No XXX26 and in particular actions related to Article 6 of Regulation (EU) No XXX [Digital Europe Programme] and of the Horizon Europe Programme established by Regulation No XXX27 and in particular Section 2.2.6 of Pillar II of Annex I. of Decision No XXX on establishing the specific programme implementing Horizon Europe – the Framework Programme for Research and Innovation[ref. number of the Specific Programme]. and of other Union programmes when provided for in legal acts of the Union]; _________________ 26 27[add full title and OJ reference] [add full title and OJ reference] 27 [add full title and OJ reference] [add full title and OJ reference]

Amendment 193 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point a

Amendment 194 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point a

(a) having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services , acquiring, upgrading, operating and making available such infrastructures and related services to a wide range of users across the Union from industry, in~~cluding~~ particular SMEs, the public sector and the research and scientific community;

Amendment 195 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point a

(a) having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services , acquiring, upgrading, operating and making available such infrastructures and related services to a wide range of users across the Union from industry ~~including~~, especially SMEs, the public sector and the research and scientific community;

Amendment 196 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point b

(b) having regard to the state-of-the-art cybersecurity industrial and research infrastructures and related services, providing support to other entities, including financially, to acquiring, sharing, upgrading, operating and making available such infrastructures and related services to a wide range of users across the Union from industry, in~~cluding~~ particular SMEs, the public sector and the research and scientific community;

Amendment 197 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c

(c) providing cybersecurity knowledge and technical assistance to industry, research institutions and public authorities, in particular by supporting actions aimed at facilitating access to the expertise available in the Network and the Cybersecurity Competence Community;

Amendment 198 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c

(c) providing cybersecurity knowledge and technical assistance to industry, SMEs and public authorities, in particular by supporting actions aimed at facilitating access to the expertise available in the Network and the Cybersecurity Competence Community;

Amendment 199 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c a (new)

(ca) supporting the development of independent products and processes that can be freely studied, shared, and built upon, in particular in the field of verified and verifiable hard- and software, in close cooperation with the industry, the Network and the Community;

Amendment 200 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c a (new)

(ca) operating as a one stop shop for cyber security solutions financed through other programmes like InvestEU or the Single Market Programme, in particular for SMEs;

Amendment 201 #

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c a (new)

(ca) the mapping and evaluation of algorithms relevant regarding to cybersecurity

Amendment 202 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 4 – paragraph 1 – point 3 – point c b (new)

(cb) bringing together stakeholders from industry, trade unions, academia, research organisations and public entities to ensure long-term cooperation on developing and implementing cybersecurity products and solutions, including pooling and sharing of resources and information regarding such products and solutions if appropriate;

Amendment 203 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 4 – paragraph 1 – point 3 a (new)

3a. d) Facilitating exchange of cyber-security related information and resources between organisations in order to improve overall cyber resilience within the Union.

Amendment 204 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – introductory part

4. contribute to the wide deployment of state-of-the-art cyber security products and solutions across the economy, by carrying out the following tasks in accordance with the principles of equal treatment and no discrimination and the requirements of Directive 2014/24/EU:

Amendment 205 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – introductory part

4. contribute to the wide deployment of state-of-the-art internationally recognised cyber security products and solutions across the economy, by carrying out the following tasks:

Amendment 206 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point a

(a) stimulating the whole innovation cycle of cybersecurity and bridging the valley of death of innovation by enhancing cybersecurity research, development and the ~~uptake of Union~~market uptake cybersecurity products and holistic solutions by public authorities and user industries in the Union;

Amendment 207 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point a

(a) stimulating cybersecurity research, development and the uptake of Union cybersecurity products, processes and solutions by public authorities and user industries;

Amendment 208 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point a

(a) stimulating cybersecurity research, development and the uptake of ~~Union~~ cybersecurity products and solutions by public authorities and user industries; in the Union;

Amendment 209 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point b

(b) assisting public authorities, demand side industries and other users in adopting and integrating the latest cyber security solutions; including holistic solutions designed to build cyber resilience within and information sharing amongst organizations, in order to improve overall cyber resilience within the Union.

Amendment 210 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point b a (new)

(ba) assisting implementing of future Security Ethical Research Guidelines.

Amendment 211 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point b b (new)

(bb) gathering of Vulnerability Disclosures reported by the Cybersecurity Competence Community, coordination of the development of patches, fixes and solutions and the distribution of those.

Amendment 212 #

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point c

(c) ~~supporting in particular public authorities in organising their public procurement, or carry~~when explicitly requested, supporting public authorities in providing guidance on public procurement procedures, including ~~out~~for procurement of state-of-the-art cybersecurity products and solutions ~~on behalf of public authorities~~;

Amendment 213 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO

Proposal for a regulation
Article 4 – paragraph 1 – point 4 – point d

(d) providing financial support and technical assistance to cybersecurity start- ups and SMEs to connect to potential markets ~~and to attract investment~~, enhance expertise on cybersecurity in these companies and to attract investment to be able to implement cybersecurity products and solutions and/or to become competitive players in the field;

Amendment 214 #

Angelika NIEBLER

Proposal for a regulation
Article 4 – paragraph 1 – point 4 a (new)

4a. Promoting cybersecurity certification in line with the Regulation of the European Parliament and of the Council on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (‘‘Cybersecurity Act’’) COM/2017/0477 final - 2017/0225 (COD).

Amendment 215 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a

(a) supporting further development, pooling and sharing of cybersecurity skills and competences, where appropriate together with relevant EU agencies and bodies including ENISA and supporting the objective on advanced digital skills of the Digital Europe Programme where appropriate.

Amendment 216 #

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a

(a) supporting further development of cybersecurity skills at all educational levels, where appropriate together with relevant EU agencies and bodies including ENISA.

Amendment 217 #

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a

(a) supporting further development of cybersecurity skills , where appropriate ~~together~~aligning with relevant EU agencies and bodies including ENISA.

Amendment 218 #

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a

(a) supporting further development of cybersecurity skills ~~, where appropriate~~, together with relevant EU agencies and bodies including ENISA.

Amendment 219 #

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a a (new)

(aa) Ensuring the Competence Centre links to existing work on standardisation, including research into the effects on cybersecurity of existing international standards and any associated certification and/or promotion schemes.

Amendment 220 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 4 – paragraph 1 – point 5 – point a a (new)

(aa) Supporting initiatives designed to develop cyber talent across the EU, with a focus on developing gender balanced cyber skills in primary, secondary and tertiary education.

Amendment 221 #

Proposal for a regulation
Article 4 – paragraph 1 – point 6 – point b

(b) support large-scale research and demonstration projects in next generation cybersecurity technological capabilities, in collaboration with the industry ~~and~~, research institutions, public sector and authorities, including the Network;

Amendment 222 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 4 – paragraph 1 – point 6 – point c

(c) support research and innovation for standardisation in cybersecurity technology, where appropriate aligning with relevant EU agencies and bodies including ENISA;

Amendment 223 #

(c) support research and innovation for standardisation in cybersecurity technology in cooperation with the European Standardisation Organisations;

Amendment 224 #

Proposal for a regulation
Article 4 – paragraph 1 – point 6 – point c a (new)

(ca) supporting research in the field of cybercrime (computer-oriented crime)

Amendment 225 #

Proposal for a regulation
Article 4 – paragraph 1 – point 7 – introductory part

7. enhance cooperation between the civil and defence spheres with regard to dual use ~~technologi~~projects, services, competences and applications in cybersecurity, by carrying out the following tasks:

Amendment 226 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 4 – paragraph 1 – point 7 – point c

(c) bringing together stakeholders, to foster synergies between civil and defence cyber security research ~~and markets~~, development of cybersecurity products and solutions, and markets; in line with the Union goals as laid out by Common Foreign and Security Policy and the Permanent Structured Cooperation;

Amendment 227 #

Proposal for a regulation
Article 4 – paragraph 1 – point 8

Amendment 228 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO

Proposal for a regulation
Article 4 – paragraph 1 – point 8 – introductory part

8. enhance synergies between the civil and defence dimensions of cybersecurity in relation to the European Defence Fund including by carrying out the following tasks:

Amendment 229 #

8a. provide special support to SMEs by facilitating their access to knowledge and training through tailored access to the deliverables of the Competences Centres in order to allow them to secure themselves sufficiently and to allow those who are active in cybersecurity to become more competitive and to contribute thereby to the European leadership in the field.

Amendment 230 #

Paul RÜBIG, Angelika NIEBLER, Pilar DEL CASTILLO VERA

Proposal for a regulation
Article 5 – paragraph 1 – introductory part

1. Where the Competence Centre provides funding for infrastructures, capabilities, products or solutions pursuant to Article 4(3) and (4) in the form of a procurement, grant or a prize, the work plan of the Competence Centre may specify in particular:

Amendment 231 #

Paul RÜBIG, Angelika NIEBLER, Pilar DEL CASTILLO VERA

Proposal for a regulation
Article 5 – paragraph 1 – point b a (new)

(ba) rules governing different phases of implementation.

Amendment 232 #

Proposal for a regulation
Article 5 – paragraph 2

2. The Competence Centre may be responsible for the overall execution of relevant joint procurement actions including pre-commercial procurements on behalf of members of the Network, members of the cybersecurity Competence Community, or other third parties representing the users of cybersecurity products and solutions. For this purpose, the Competence Centre may be assisted by one or more National Coordination Centres or relevant European Digital Innovation Hubs or members of the Cybersecurity Competence Community.

Amendment 233 #

Proposal for a regulation
Article 6 – paragraph 1

1. 1.One National Coordination Centre shall be set up in each Member State. 1a. By [date], each Member State shall nominate the entity to act as the National Coordination Centre for the purposes of this Regulation and notify it to the Commission.

Amendment 234 #

Proposal for a regulation
Article 6 – paragraph 1

1. By [date], each Member State shall nominate the entity to act as the National Coordination Centre for the purposes of this Regulation and notify it to the Commission and to the Governing Board.

Amendment 235 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 6 – paragraph 2

2. On the basis of an assessment concerning the compliance of that entity with the criteria laid down in paragraph 4, the ~~Commission~~Governing Board shall issue a decision within 6 months from the nomination transmitted by the Member State providing for the accreditation of the entity as a National Coordination Centre or rejecting the nomination. The list of National Coordination Centres shall be published by the Commission.

Amendment 236 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 6 – paragraph 4

Amendment 237 #

Proposal for a regulation
Article 6 – paragraph 5

5. The relationship between the Competence Centre and the National Coordination Centres shall be based on a contractual agreement harmonised on Union level and signed between the Competence Centre and each of the National Coordination Centres. The agreement shall provide for the rules governing the relationship and division of tasks between the Competence Centre and each National Coordination Centre.

Amendment 238 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 6 – paragraph 5

5. The relationship between the Competence Centre and the National Coordination Centres shall be based on a standard contractual agreement signed between the Competence Centre and each of the National Coordination Centres. The agreement shall provide for the rules governing the relationship and division of tasks between the Competence Centre and ~~each~~ National Coordination Centres.

Amendment 239 #

Proposal for a regulation
Article 6 – paragraph 5 a (new)

5a. The Commission may, by means of implementing acts, define the elements of the contractual agreements referred to in paragraph 5 of this Article, including their format. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article - 45.

Amendment 240 #

Proposal for a regulation
Article 7 – paragraph 1 – point a

(a) supporting the Competence Centre in achieving its objectives and in particular in coordinating and promoting the Cybersecurity Competence Community;

Amendment 241 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO

Proposal for a regulation
Article 7 – paragraph 1 – point b

(b) facilitating the participation of industry, in particular for SMEs, and other actors at the Member State level in cross- border projects;

Amendment 242 #

Proposal for a regulation
Article 7 – paragraph 1 – point b a (new)

(ba) incentivising cross-border- projects, particularly for SMEs;

Amendment 243 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO

Proposal for a regulation
Article 7 – paragraph 1 – point c

(c) contributing, together with the Competence Centre, to identifying and addressing sector-specific cyber security ~~industrial~~ challenges;

Amendment 244 #

Proposal for a regulation
Article 7 – paragraph 1 – point c a (new)

(ca) cooperating closely with National Standardisation Organisations to ensure the uptake of existing standards and to involve all relevant stakeholders, particularly SMEs, in setting new standards.

Amendment 245 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 7 – paragraph 1 – point e

(e) seeking to establish synergies with relevant activities at the national ~~and~~, regional and local level;

Amendment 246 #

Angelika MLINAR, Pavel TELIČKA

Proposal for a regulation
Article 7 – paragraph 1 – point f a (new)

(fa) promoting and disseminating a common minimal cybersecurity educational curricula in cooperation with the relevant bodies in the Member States;

Amendment 247 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 7 – paragraph 1 – point g

(g) promoting and disseminating the relevant outcomes of the work by the Network, the Cybersecurity Competence Community and the Competence Centre at national or, regional or local level;

Amendment 248 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

4. National Coordination Centres shall, where relevant, cooperate through the Network and coordinate with the relevant European Digital Innovation Hubs for the purpose of implementing tasks referred to in points (ab), (bc), (d), (cf), (ef a) and (g) of paragraph 1.

Amendment 249 #

Proposal for a regulation
Article 8 – paragraph 1

1. The Cybersecurity Competence Community shall contribute to the mission of the Competence Centre as laid down in Article 3 and enhance, pool, share and disseminate cybersecurity expertise across the Union.

Amendment 250 #

Proposal for a regulation
Article 8 – paragraph 2

2. The Cybersecurity Competence Community shall consist of industry from the demand- and supply-side, including SMEs, the European Standardisation Organisations, associations of users, academic and non-profit research organisations, and associations as well as public entities and other entities dealing with operational and technical matters. It shall bring together the main stakeholders with regard to cybersecurity technological and industrial capacities in the Union. It shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise. as referred to in Art.10 of this regulation.

Amendment 251 #

Proposal for a regulation
Article 8 – paragraph 2

2. The Cybersecurity Competence Community shall consist of industry, academic and non-profit research organisations, and associations as well as public entities and other entities dealing with operational and technical matters. It shall bring together the main stakeholders with regard to cybersecurity technological and industrial capacities in the Union. It shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise., in particular the European Digital Innovation Hubs.

Amendment 252 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 8 – paragraph 2

2. The Cybersecurity Competence Community shall consist of industry, academic and non-profit research organisations, and associations as well as public entities and other entities dealing with operational and technical matters. It shall bring together the main stakeholders with regard to cybersecurity technological and industrial capacities ~~in the Union~~. It shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise..

Amendment 253 #

Proposal for a regulation
Article 8 – paragraph 2

2. The Cybersecurity Competence Community shall consist of industry, academic and non-profit research organisations, and associations as well as public entities and other entities dealing with operational and technical matters. It shall bring together the main stakeholders with regard to cybersecurity technological and industrial capacities ~~in the Union~~. It shall involve National Coordination Centres as well as Union institutions and bodies with relevant expertise..

Amendment 254 #

Proposal for a regulation
Article 8 – paragraph 3 – introductory part

3. Only entities which are established within the Union, in the third countries participating in relevant Union programmes or in other third countries demonstrating the implementation of sufficient measures to guarantee the protection of the essential security interest of the Union and its Member States, may be accredited as members of the Cybersecurity Competence Community. They shall demonstrate that they have cybersecurity expertise with regard to at least one of the following domains:

Amendment 255 #

Proposal for a regulation
Article 8 – paragraph 3 – introductory part

3. Only entities which are established within the Union may be accredited as members of the Cybersecurity Competence Community. Entities established in the Union but controlled by third country entities shall be eligible provided the Union has signed an agreement on cybersecurity cooperation. They shall demonstrate that they have cybersecurity expertise with regard to at least one of the following domains:

Amendment 256 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 8 – paragraph 3 – introductory part

3. Only entities which are established within the Union ~~may be accredited as members of the Cybersecurity Competence Community. They shall demonstrate that they have cybersecurity expertise with regard to at least one of the following domains~~, the European Economic Area (EEA) and the European Free Trade Association (EFTA) having their executive management structures in the Union or in an EEA- or EFTA-country and which are not controlled by any other third country or by any other third country entity:

Amendment 257 #

Proposal for a regulation
Article 8 – paragraph 3 – introductory part

3. ~~Only e~~Entities which are ~~established within the Union may be~~ accredited as members of the Cybersecurity Competence Community~~. They~~ shall demonstrate that they have cybersecurity expertise in one or more EU Member States with regard to at least one of the following domains:

Amendment 258 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN, Jens GEIER

Proposal for a regulation
Article 8 – paragraph 3 – point b

(b) industrial or product development;

Amendment 259 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Jens GEIER, Theresa GRIFFIN

Proposal for a regulation
Article 8 – paragraph 3 – point c a (new)

(ca) information security operations;

Amendment 260 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 8 – paragraph 3 – point c b (new)

(cb) scientific or technical partnerships or cooperation with academic and/ or public authorities as defined under Article 2 (3).

Amendment 261 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 8 – paragraph 4

4. The Competence Centre shall accredit entities ~~established under national law~~ as members of the Cybersecurity Competence Community ~~after an assessment made by the National Coordination Centre of the Member State where the entity is established,~~based on an assessment on whether ~~that~~an entity meets the criteria provided for in paragraph 3. An accreditation shall not be limited in time but may be revoked by the Competence Centre ~~at any time if it~~ or the relevant National Coordination Centre ~~considers that~~if the entity ~~does not~~stops fulfilling the criteria set out in paragraph 3 or it falls under the relevant provisions set out in Article 136 of Regulation XXX [new financial regulation].

Amendment 262 #

Proposal for a regulation
Article 8 – paragraph 4

4. The Competence Centre shall accredit entities ~~established under national law~~referred to in paragraph 3 as members of the Cybersecurity Competence Community. The entities established under national law shall be accredited after an assessment made by the National Coordination Centre of the Member State where the entity is established, on whether that entity meets the criteria provided for in paragraph 3. An accreditation shall not be limited in time but may be revoked by the Competence Centre at any time if it or the relevant National Coordination Centre considers that the entity does not fulfil the criteria set out in paragraph 3 or it falls under the relevant provisions set out in Article 136 of Regulation XXX [new financial regulation].

Amendment 263 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 8 – paragraph 4

4. The Competence Centre shall accredit entities established under national law as members of the Cybersecurity Competence Community after an harmonised assessment made by the National Coordination Centre of the Member State and the Competence Centre where the entity is established, on whether that entity meets the criteria provided for in paragraph 3. An accreditation shall not be limited in time but may be revoked by the Competence Centre at any time if it or the relevant National Coordination Centre considers that the entity does not fulfil the criteria set out in paragraph 3 or it falls under the relevant provisions set out in Article 136 of Regulation XXX [new financial regulation].

Amendment 264 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 8 – paragraph 4 a (new)

4a. National Coordination Centres of the Member States shall aim to achieve a balanced representation of stakeholders in the Community, including SMEs.

Amendment 265 #

Proposal for a regulation
Article 8 – paragraph 4 b (new)

4b. The Commission may, by means of an implementing act, further specify the criteria provided for in paragraph 3 and the procedures for assessing and accrediting entities that meet those criteria. That implementing act shall be adopted in accordance with the advisory procedure referred to in Article -45.

Amendment 266 #

Paul RÜBIG, Pilar DEL CASTILLO VERA

Proposal for a regulation
Article 8 – paragraph 5 a (new)

5a. Existing entities participating in public-private partnerships on cybersecurity on the European level shall be members of the Cybersecurity Competence Community and shall take a leading role in stimulating and supporting the cooperation and coordination of the Cybersecurity Competence Community, continuing the work they have done so far.

Amendment 267 #

Proposal for a regulation
Article 9 – paragraph 1 – point 2 – point i (new)

i) as reporting Vulnerability Disclosures to the European Cybersecurity Competence Centre, helping to fix them and providing advise on how to reduce such vulnerabilities.

Amendment 268 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 9 – paragraph 1 – point 5 a (new)

(5a) encourage Community members that are manufacturers and service providers to certify their products and services under certification schemes adopted under the Cybersecurity Act.

Amendment 269 #

Proposal for a regulation
Article 10 – paragraph 1

1. To ensure the coherence and complementarity the Competence Centre shall cooperate with relevant Union institutions, bodies, offices and agencies including the European Union Agency for Network and Information Security, the Computer Emergency Response Team (CERT-EU), the European External Action Service, the Joint Research Centre of the Commission, the Research Executive Agency, Innovation and Networks Executive Agency, European Cybercrime Centre at Europol as well as the European Defence Agency.

Amendment 270 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

1a. The Competence Centre shall in particular contribute to the work of ENISA with regard to the implementation of Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (“NIS Directive”) and to the Regulation (EU) 2018/XXX of the European Parliament and of the Council of YYY on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (“Cybersecurity Act”).

Amendment 271 #

Proposal for a regulation
Article 10 – paragraph 2

2. Such cooperation shall take place within the framework of working arrangements agreed between the Competence Centre and the respective Union institution, body, office or agency. Those arrangements shall be submitted to the prior approval of the Commission, as well as for information to the European Parliament.

Amendment 272 #

Peter KOUROUMBASHEV, Zigmantas BALČYTIS, Adam GIEREK, Theresa GRIFFIN, Eva KAILI, Miapetra KUMPULA-NATRI

Proposal for a regulation
Article 10 – paragraph 2 a (new)

2a. The Competence Centre shall in particular contribute to the work of ENISA with regard to the implementation of Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union and to the Regulation (EU) 2018/XXX of the European Parliament and of the Council of YYY on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (‘‘Cybersecurity Act’’).

Amendment 273 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 11 – paragraph 2 – point b

(b) anthe Executive Director ~~who shall exercise the tasks set out in Article 16~~of ENISA, the EU Cybersecurity Agency;

Amendment 274 #

Pavel TELIČKA

Proposal for a regulation
Article 12 – paragraph 1

1. The Governing Board shall be composed of one representative of each Member State, and five representatives of the Commission, and one representative the European Network and Information Security Agency (ENISA), on behalf of the Union.

Amendment 275 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 12 – paragraph 1

1. The Governing Board shall be composed of one representative of each Member State, two representatives of the European Parliament and five representatives of the Commission, on behalf of the Union.

Amendment 276 #

Proposal for a regulation
Article 12 – paragraph 1

1. The Governing Board shall be composed ~~of one representative of each Member State, and five representatives of the Commission, on behalf of the Union~~by the Members of the Management Board of ENISA, the EU Cybersecurity Agency.

Amendment 277 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA

Proposal for a regulation
Article 12 – paragraph 1

1. The Governing Board shall be composed of one representative of each Member State, and ~~fiv~~one representatives of the Commission, on behalf of the Union.

Amendment 278 #

Proposal for a regulation
Article 12 – paragraph 2

2. Each member of the Governing Board shall have an alternate to represent them in their absence. Each Member State shall each hold one voting right, while the Commission shall hold two voting rights.

Amendment 279 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 12 – paragraph 3

3. Members of the Governing Board and their alternates shall be appointed in light of their knowledge in the field of technology as well as of relevant managerial, administrative and budgetary skills. The Commission and the Member States shall make efforts to limit the turnover of their representatives in the Governing Board, in order to ensure continuity of the Board’s work. The Commission and the Member States shall aim to achieve a balanced representation between men and women on the Governing Board.deleted

Amendment 280 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 12 – paragraph 3

3. Members of the Governing Board and their alternates shall be appointed in light of their knowledge in the field of ~~technology~~cybersecurity technology or research as well as of relevant managerial, administrative and budgetary skills. Gender balance shall be taken into account. The Commission and the Member States shall make efforts to limit the turnover of their representatives in the Governing Board, in order to ensure continuity of the Board’s work. The Commission and the Member States shall aim to achieve a balanced representation between men and women on the Governing Board.

Amendment 281 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 12 – paragraph 3

3. Members of the Governing Board and their alternates shall be appointed in light of their knowledge in the field of technology as well as of relevant managerial, administrative and budgetary skills. The Commission and the Member States shall make efforts to limit the turnover of their representatives in the Governing Board, in order to ensure continuity of the Board’s work. The Commission and the Member States shall ~~aim to achiev~~ensure a balanced representation between men and women on the Governing Board.

Amendment 282 #

Proposal for a regulation
Article 12 – paragraph 4

~~4. The term of office of members of the Governing Board and of their alternates shall be four years. That term shall be renewable.~~deleted

Amendment 283 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 12 – paragraph 5

~~5. The Governing Board members shall act in the interest of the Competence Centre, safeguarding its goals and mission, identity, autonomy and coherence, in an independent and transparent way.~~deleted

Amendment 284 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA

Proposal for a regulation
Article 12 – paragraph 6

~~6. The Commission may invite observers, including representatives of relevant Union bodies, offices and agencies, to take part in the meetings of the Governing Board as appropriate.~~deleted

Amendment 285 #

Proposal for a regulation
Article 12 – paragraph 6

6. ~~The Commission~~Members of the Governing Board may invite observers, including representatives of relevant Union bodies, offices and agencies and the members of the Competence Community, to take part in the meetings of the Governing Board as appropriate to ensure expertise is brought in and to build stronger links with industry and research communities.

Amendment 286 #

Proposal for a regulation
Article 12 – paragraph 6

6. The Commission and the Member States may invite observers, including representatives of relevant Union bodies, offices and agencies, to take part in the meetings of the Governing Board as appropriate.

Amendment 287 #

Pavel TELIČKA

Proposal for a regulation
Article 12 – paragraph 7

~~7. The European Agency for Network and Information Security (ENISA) shall be a permanent observer in the Governing Board.~~deleted

Amendment 288 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA

Proposal for a regulation
Article 12 – paragraph 7

7. The European Agency for Network and Information Security (ENISA) and the Industrial and Scientific Advisory Board shall be a permanent observers in the Governing Board, providing it with advice. The Governing Board shall have the utmost regard to the views expressed by ENISA. Due to its experience in the field, ENISA shall be especially consulted for research-related projects.

Amendment 289 #

Proposal for a regulation
Article 12 – paragraph 7

7. The E~~uropean Agency for Network and Information Security (ENISA)~~xecutive Director of ENISA and his staff shall be a permanent observers in the Governing Board.

Amendment 290 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 13 – paragraph 3 – point d

~~(d) adopt a procedure for appointing the Executive Director;~~deleted

Amendment 291 #

Proposal for a regulation
Article 13 – paragraph 3 – point d a (new)

(da) assess the compliance of entity nominated by the Member State to act as a National Coordination Centre and to issue a decision providing for the accreditation of the entity or rejecting the nomination.

Amendment 292 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 13 – paragraph 3 – point e a (new)

(ea) adopt the working arrangements referred to in Article 10(2).

Amendment 293 #

Proposal for a regulation
Article 13 – paragraph 3 – point f

(f) appoint, dismiss, extend the term of office of, provide guidance to and monitor the performance of the ~~Executive Director, and appoint the~~ Accounting Officer;

Amendment 294 #

Proposal for a regulation
Article 13 – paragraph 3 – point l

(l) promote the Competence Centre globally by promoting its excellence and attractiveness, so as to raise its attractiveness and make it a world-class body for excellence in cybersecurity; to this end supports collaboration with global players;

Amendment 295 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 13 – paragraph 3 – point l

(l) promote the Competence Centre globally, so as to raise its attractiveness and make it an internationally renowned world-class body for excellence in cybersecurity;

Amendment 296 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

(qa) adopt transparency rules for the Competence Centre;

Amendment 297 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 13 – paragraph 3 – point r

(r) adopt an anti-fraud and anti- corruption strategy that is proportionate to the fraud and corruption risks having regard to a cost-benefit analysis of the measures to be implemented, as well as adopt adequate protection measures for whistleblowers;

Amendment 298 #

Proposal for a regulation
Article 13 – paragraph 3 – point s

~~(s) adopt the methodology to calculate the financial contribution from Member States;~~deleted

Amendment 299 #

Proposal for a regulation
Article 13 – paragraph 3 – point s

(s) adopt ~~the methodology to calculate the financial contribution from Member States~~an extensive definition of financial contributions from Member States and a methodology to calculate the amount of Member States’ voluntary contributions that can be accounted for as financial contributions according to this definition. This calculation shall be executed at the end of every financial year;

Amendment 300 #

Peter KOUROUMBASHEV, Zigmantas BALČYTIS, Adam GIEREK, Theresa GRIFFIN, Eva KAILI, Miapetra KUMPULA-NATRI

Proposal for a regulation
Article 13 – paragraph 3 a (new)

3a. In deciding on the work plan and multi-annual strategic plan of the Competence Centre, the Governing Board shall take into account the advice provided by ENISA.

Amendment 301 #

Proposal for a regulation
Article 13 – paragraph 3 a (new)

3a. In deciding on the work plan and multi-annual strategic plan of the Competence Centre, the Governing Board shall take account of the advice provided by ENISA.

Amendment 302 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 14 – paragraph 1

1. The Governing Board shall ~~elect~~have a Chairperson and a Deputy Chairperson ~~from among the members with voting rights, for a period of two years. The mandate of~~, which shall be respectively the Chairperson and ~~the~~ Deputy Chairperson may be extended once, following a decision by the Governing Board. If, however, their membership of the Governing Board ends at any time during their term of office, their term of office shall automatically expire on that date. The Deputy Chairpersonof the Management Board of ENISA. Their mandate shall bex of~~ficio replace the Chairperson if the latter is unable to attend to hi~~ the same duration as for ~~her duties. The Chairperson shall take part in the voting~~the Management Board of ENISA.

Amendment 303 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 14 – paragraph 1

1. The Governing Board shall elect a Chairperson and a Deputy Chairperson from among the members with voting rights, for a period of two years, taking into account gender balance. The mandate of the Chairperson and the Deputy Chairperson may be extended once, following a decision by the Governing Board. If, however, their membership of the Governing Board ends at any time during their term of office, their term of office shall automatically expire on that date. The Deputy Chairperson shall ex officio replace the Chairperson if the latter is unable to attend to his or her duties. The Chairperson shall take part in the voting.

Amendment 304 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 14 – paragraph 2

2. The Governing Board shall hold its ordinary meetings at least three times a year. These meetings will be extraordinary to the meetings foreseen for the Management Board of ENISA as defined under regulation [Regulation of the EU Cybersecurity Act]. It may hold extraordinary meetings at the request of the Commission, at the request of one third of all its members, at the request of the chair, or at the request of the Executive Director in the fulfilment of his/her tasks.

Amendment 305 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 14 – paragraph 6

6. ~~The Competence Centre~~ENISA shall provide the secretariat for the Governing Board.

Amendment 306 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 15 – paragraph 1

~~1. The Union shall hold 50 % of the voting rights. The voting rights of the Union shall be indivisible.~~deleted

Amendment 307 #

Proposal for a regulation
Article 15 – paragraph 1

1. The Union, represented by the Commission, shall hold ~~50 % of~~ the voting rights corresponding to its financial contribution. The voting rights of the Union shall be indivisible.

Amendment 308 #

Proposal for a regulation
Article 15 – paragraph 1

1. ~~The Union shall hold 50 % of the voting rights. The voting rights of the Union shall be indivisibl~~Each member of the Governing Board shall have one vote.

Amendment 309 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 15 – paragraph 1

1. The Union shall hold 250 % of the voting rights. The voting rights of the Union shall be indivisible.

Amendment 310 #

Proposal for a regulation
Article 15 – paragraph 2

~~2. Every participating Member State shall hold one vote.~~deleted

Amendment 311 #

Evžen TOŠENOVSKÝ, Edward CZESAK

Proposal for a regulation
Article 15 – paragraph 2

2. Every ~~participating~~ Member State shall hold one vote.

Amendment 312 #

Evžen TOŠENOVSKÝ, Edward CZESAK

Proposal for a regulation
Article 15 – paragraph 3

3. The Governing Board shall take its decisions by a majority of at least 75% of all votes, including the votes of the members who are absent, representing at least 75% of the total financial contributions to the Competence Centre. The financial contribution will be calculated based on the estimated expenditures proposed by the Member States referred to in point c of Article 17(2) and based on the report on the value of the contributions of the participating Member States referred to in Article 22(5).

Amendment 313 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 15 – paragraph 3

Amendment 314 #

Evžen TOŠENOVSKÝ, Edward CZESAK

3. The Governing Board shall take its decisions by a majority of at least 75% of all votes, including the votes of the members who are absent, representing at least 75% of the total ~~financial contributions~~of the ratio of the individual Member States’ financial contributions to their Gross Domestic Product to the Competence Centre. The financial contribution will be calculated based on the estimated expenditures proposed by the Member States referred to in point c of Article 17(2) and based on the report on the value of the contributions of the participating Member States referred to in Article 22(5).

Amendment 315 #

Proposal for a regulation
Article 15 – paragraph 4

4. Only the representatives of the Commission and the representatives of the ~~participating~~ Member States shall hold voting rights.

Amendment 316 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 16

Appointment, dismissal or extension of the term of office of the Executive 1. The Executive Director shall be a person with expertise and high reputation in the areas where the Competence Centre operates. 2. The Executive Director shall be engaged as a temporary agent of the Competence Centre under Article 2(a) of the Conditions of Employment of Other Servants. 3. The Executive Director shall be appointed by the Governing Board from a list of candidates proposed by the Commission, following an open and transparent selection procedure. 4. For the purpose of concluding the contract of the Executive Director, the Competence Centre shall be represented by the Chairperson of the Governing Board. 5. The term of office of the Executive Director shall be four years. By the end of that period, the Commission shall carry out an assessment which takes into account the evaluation of the performance of the Executive Director and the Competence Centre’s future tasks and challenges. 6. The Governing Board may, acting on a proposal from the Commission which takes into account the assessment referred to in paragraph 5, extend once the term of office of the Executive Director for no more than four years. 7. An Executive Director whose term of office has been extended may not participate in another selection procedure for the same post. 8. The Executive Director shall be removed from office only by decision of the Governing Board, acting on a proposal from the Commission.rticle 16 deleted Director

Amendment 317 #

Proposal for a regulation
Article 16 – paragraph 3

3. The Executive Director shall be appointed by the Governing Board from a list of candidates proposed by the Commission and the Member States, following an open and transparent selection procedure.

Amendment 318 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 16 – paragraph 3

3. The Executive Director shall be appointed by the Governing Board from a list of candidates proposed by the Commission, following an open, non- discriminatory and transparent selection procedure.

Amendment 319 #

Proposal for a regulation
Article 17 – paragraph 2 – point c

(c) after consultation with the Governing Board, the Industrial and Scientific Advisory Board and the Commission, prepare and submit for adoption to the Governing Board the draft multiannual strategic plan and the draft annual work plan of the Competence Centre including the scope of the calls for proposals, calls for expressions of interest and calls for tenders needed to implement the work plan and the corresponding expenditure estimates as proposed by the Member States and the Commission;

Amendment 320 #

Proposal for a regulation
Article 17 – paragraph 2 – point c

(c) after consultation with the Governing Board ~~and~~, the Commission and ENISA, prepare and submit for adoption to the Governing Board the draft multiannual strategic plan and the draft annual work plan of the Competence Centre including the scope of the calls for proposals, calls for expressions of interest and calls for tenders needed to implement the work plan and the corresponding expenditure estimates as proposed by the Member States and the Commission;

Amendment 321 #

Proposal for a regulation
Article 17 – paragraph 2 – point h

(h) prepare an action plan following-up on the conclusions of the retrospective evaluations and reporting on progress every two years to the Commission and the European Parliament;

Amendment 322 #

Proposal for a regulation
Article 17 – paragraph 2 – point i

~~(i) prepare, negotiate and conclude the agreements with the National Coordination Centres;~~deleted

Amendment 323 #

Proposal for a regulation
Article 17 – paragraph 2 – point l

(l) approve, after the consultation with ENISA and with the Industrial and Scientific Advisory Board, the list of actions selected for funding on the basis of the ranking list established by a panel of independent experts;

Amendment 324 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 17 – paragraph 2 – point s

(s) prepare an action plan following-up conclusions of internal or external audit reports, as well as investigations by the European Anti-Fraud Office (OLAF) and reporting on progress twice a year to the Commission, the European Parliament and regularly to the Governing Board;

Amendment 325 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO

Proposal for a regulation
Article 17 – paragraph 2 – point s

(s) prepare an action plan following-up conclusions of internal or external audit reports, as well as investigations by the European Anti-Fraud Office (OLAF) and reporting on progress twice a year to the Commission, the European Parliament and regularly to the Governing Board;

Amendment 326 #

Proposal for a regulation
Article 18 – paragraph 1

1. The Industrial and Scientific Advisory Board shall consist of no more than 1625 members. The members shall be appointed by the Governing Board according to an open, transparent and non-discriminatory procedure from among the representatives of the entities of the Cybersecurity Competence Community. In the determination of its members, existing European cybersecurity organisations shall be particularly taken into consideration. The Governing Board shall further ensure the representation from supply- and demand- side industry, SMEs, the public sector and research organisations.

Amendment 327 #

Paul RÜBIG, Pilar DEL CASTILLO VERA

Proposal for a regulation
Article 18 – paragraph 1

1. The Industrial and Scientific Advisory Board shall consist of no more than 1625 members. The members shall be appointed by the Governing Board by means of an open and transparent procedure from among the representatives of the entities of the Cybersecurity Competence Community including organisations mentioned in Article 10 of this Regulation. The membership of the Industrial and Scientific Advisory Board shall ensure a broad representation of all relevant industries, particularly from SMEs, academia and relevant civil society.

Amendment 328 #

Proposal for a regulation
Article 18 – paragraph 1

1. The Industrial and Scientific Advisory Board shall consist of no more than 16 members. Of such number, no more than 10 shall be chosen from among the industry, and of such number no more than 4 shall be chosen from among SMEs; the remaining members shall be selected among Universities and Research Centres. The members shall be appointed by the Governing Board from among the representatives of the entities of the Cybersecurity Competence Community.

Amendment 329 #

Proposal for a regulation
Article 18 – paragraph 1

1. The Industrial and Scientific Advisory Board shall consist of no more than 16 members representing the industrial sector (major companies, SMEs and micro-enterprises and start-ups), universities, research institutes and civil society organizations. The members shall be appointed by the Governing Board from among the representatives of the entities of the Cybersecurity Competence Community.

Amendment 330 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 18 – paragraph 1

1. The Industrial and Scientific Advisory Board shall consist of ~~no more than 16 members. The members shall be~~a representative of the European Cyber Security Organisation (ECSO) and no more than 16 other members appointed by the Governing Board from among the representatives of the entities of the Cybersecurity Competence Community or other relevant stakeholders.

Amendment 331 #

Proposal for a regulation
Article 18 – paragraph 2

2. Members of the Industrial and Scientific Advisory Board shall have expertise either with regard to cybersecurity research, ~~industrial development, professional service~~cybersecurity training and education, industrial development, offering or successfully implementing professional cybersecurity services or products or the deployment thereof. The requirements for such expertise shall be further specified by the Governing Board.

Amendment 332 #

Proposal for a regulation
Article 18 – paragraph 2

2. Members of the Industrial and Scientific Advisory Board shall have expertise either with regard to cybersecurity research, industrial development, professional services or the deployment thereof, and a demonstrated commitment to the contractual public- private partnership (cPPP) on cybersecurity. The requirements for such expertise shall be further specified by the Governing Board.

Amendment 333 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 18 – paragraph 2

2. Members of the Industrial and Scientific Advisory Board shall have expertise either with regard to cybersecurity research, industrial development, professional services and the active and continuous contribution to Contractual Public Private Partnerships in this field or the deployment thereof. The requirements for such expertise shall be further specified by the Governing Board.

Amendment 334 #

Proposal for a regulation
Article 18 – paragraph 4

4. The term of office of members of the Industrial and Scientific Advisory Board shall be ~~three~~four years. That term shall be renewable.

Amendment 335 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 18 – paragraph 5

5. Representatives of the Commission and of the European Network and Information Security Agency ~~may~~ shall participate in and support the works of the Industrial and Scientific Advisory Board.

Amendment 336 #

Proposal for a regulation
Article 18 – paragraph 5

5. Representatives of the Commission and of the European Network and Information Security Agency ~~may~~shall participate in and support the works of the Industrial and Scientific Advisory Board.

Amendment 337 #

Proposal for a regulation
Article 19 – paragraph 2

2. The Industrial and Scientific Advisory Board ~~may~~shall advise the Governing Board on the establishment of working groups on specific issues relevant to the work of the Competence Centre, whenever those issues fall within the tasks and areas of competence outlined in art. 20 and where necessary under the overall coordination of one or more members of the Industrial and Scientific Advisory Board.

Amendment 338 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 19 – paragraph 2

2. The Industrial and Scientific Advisory Board ~~may~~shall advise the Governing Board on the establishment of working groups on specific issues relevant to the work of the Competence Centre, as set out in Article 20, where necessary under the overall coordination of one or more members of the Industrial and Scientific Advisory Board.

Amendment 339 #

Proposal for a regulation
Article 19 – paragraph 2

2. The Industrial and Scientific Advisory Board ~~may~~shall advise the Governing Board on the establishment of working groups on specific issues relevant to the work of the Competence Centre where necessary under the overall coordination of one or more members of the Industrial and Scientific Advisory Board.

Amendment 340 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 19 – paragraph 2 a (new)

2a. The Industrial and Scientific Advisory Board shall have observer status in the Governing Board to be able to provide regular advice to the Governing Board.

Amendment 341 #

Proposal for a regulation
Article 19 – paragraph 4

4. The Industrial and Scientific Advisory Board shall adopt its rules of procedure, including the nomination of the participants of the working groups established under art. 19(2) and of the representatives that shall represent the Advisory Board where relevant and the duration of their nomination.

Amendment 342 #

Proposal for a regulation
Article 19 – paragraph 4

4. The Industrial and Scientific Advisory Board shall adopt its rules of procedure, ~~including~~which shall provide for the nomination of the representatives ~~that shall~~of the working groups provided for in Article 19 (2) and the representatives of the Advisory Board where relevant and the duration of their nomination.

Amendment 343 #

Proposal for a regulation
Article 19 – paragraph 4 a (new)

4a. The Industrial and Scientific Advisory Board shall, where possible, coordinate and collaborate with Contractual Public Private Partnerships.

Amendment 344 #

Proposal for a regulation
Article 19 – paragraph 4 a (new)

4a. The Industrial and Scientific Advisory Board shall engage closely with the cPPP.

Amendment 345 #

Jens GEIER, Theresa GRIFFIN, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 20 – paragraph 1 – introductory part

The Industrial and Scientific Advisory Board shall regularly advise the Competence Centre in respect of the performance of its activities and shall:

Amendment 346 #

Proposal for a regulation
Article 20 – paragraph 1 – point 1

(1) provide to the Executive Director and the Governing Board strategic advice and input for drafting the work plan and multi-annual strategic plan within the deadlines set by the Governing Board; at the discretion of the Director and the Governing Board, the Board may be called upon to participate in the meetings of the Governing Board whenever the discussion touches upon the sectors outlined in Article 20.

Amendment 347 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 20 – paragraph 1 – point 1

(1) provide to the Executive Director and the Governing Board strategic advice and input for drafting a technology and application agenda, the work plan and multi-annual strategic plan within the deadlines set by the Governing Board; where considered appropriate by the Executive Director and the Governing Board, it shall also provide advice on procurement and deployment.

Amendment 348 #

Proposal for a regulation
Article 20 – paragraph 1 – point 1

(1) provide to the Executive Director and the Governing Board strategic advice and input for the strategic orientation and operations of the Competence Centre as far as industry and science is concerned, and for drafting the work plan and multi- annual strategic plan within the deadlines set by the Governing Board;

Amendment 349 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 20 – paragraph 1 – point 2

(2) organise public consultations, when necessary in coordination with the cPPP, open to all public and private stakeholders having an interest in the field of cybersecurity, in order to collect input for the strategic advice referred to in paragraph 1;

Amendment 350 #

Proposal for a regulation
Article 20 – paragraph 1 – point 3

(3) promote and collect feedback on the work plan and multi-annual strategic plan of the Competence Centre and advise the Governing Board on how to improve the Competence Centre’s strategic orientation and operation according to this feedback.

Amendment 351 #

Proposal for a regulation
Article 20 – paragraph 1 – point 3 a (new)

(3a) participate, through the presence of its chair, to the meetings of the Governing Board, whenever the topic under examination falls within its competence areas as defined in Art. 20.

Amendment 352 #

Proposal for a regulation
Article 21 – paragraph 1 – point b a (new)

(ba) An amount from the European Defence Fund for defence-related actions of the Competence Centre, including for administrative costs such as costs that the Competence Centre may incur when acting as a project manager for actions carried out under the European Defence Fund.

Amendment 353 #

Proposal for a regulation
Article 21 – paragraph 2

2. The maximum Union contribution shall be paid from the appropriations in the general budget of the Union allocated to [Digital Europe Programme] ~~and~~, to the specific programme implementing Horizon Europe, established by Decision XXX and to the European Defence Fund.

Amendment 354 #

Proposal for a regulation
Article 21 – paragraph 4

4. The Union financial contribution from Digital Europe and from Horizon Europe shall not cover the tasks referred to in Article 4(8)(b). These may be covered by financial contributions from the European Defence Fund.

Amendment 355 #

Peter KOUROUMBASHEV, Adam GIEREK, Krystyna ŁYBACKA, Theresa GRIFFIN

Proposal for a regulation
Article 21 – paragraph 4 a (new)

4a. Contributions from Union programmes other than those referred to in paragraphs (1) and (2) above that are part of a Union co-financing to a programme implemented by one of the Member States shall not be accounted for in the calculation of the Union maximum financial contribution referred to in paragraphs (1) and (2) above.

Amendment 356 #

Proposal for a regulation
Article 22 – paragraph 1

1. The participating Member States shall make a total contribution to the operational and administrative costs of the Competence Centre of at least the same amounts as those in Article 21(1) of this Regulation.deleted

Amendment 357 #

Proposal for a regulation
Article 22 – paragraph 1

1. The participating Member States shall make a total contribution to the ~~operational and~~ administrative costs of the Competence Centre of at least the same amounts as th~~ose~~at in Article 21(1) of this Regulation.

Amendment 358 #

Proposal for a regulation
Article 22 – paragraph 1 a (new)

1a. The participating Member States shall make a total contribution to the operational costs of the Competence Centre which is commensurate to the amount in Article 21(1) of this Regulation.

Amendment 359 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 22 – paragraph 4

Amendment 360 #

Proposal for a regulation
Article 22 – paragraph 4

4. The Commission may terminate, ~~proportionally~~ reduce or suspend the Union’s financial contribution to the Competence Centre if the participating Member States do not contribute, contribute only partially or contribute late with regard to the contributions referred to in paragraph 1. The Commission’s termination, reduction or suspension of the Union’s financial contribution shall be proportionate in amount and time to the reduction, termination or suspension of the Member States’ contributions.

Amendment 361 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 23 – paragraph 3 – point b – introductory part

(b) contributions from the participating Member States, as defined in more detail according to Article 13, paragraph 3, point (s), in the form of:

Amendment 362 #

Proposal for a regulation
Article 30 – paragraph 1

1. The Competence Centre shall take appropriate measures to ensure that, when actions financed under this Regulation are implemented, the financial interests of the Union are protected by the application of preventive measures against fraud, corruption and any other illegal activities, by regular and effective checks and, if irregularities are detected, by the recovery of the amounts wrongly paid and, where appropriate, by effective, proportionate and dissuasive administrative sanctions.

Amendment 363 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND, Theresa GRIFFIN

Proposal for a regulation
Article 31 – paragraph 7

7. The staff of the Competence Centre shall be gender balanced and consist of temporary staff and contract staff.

Amendment 364 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 34 – paragraph 2 – point c a (new)

(ca) Articles 22 [Ownership of results], 23 [Ownership of results] and 30 [Application of the rules on classified information] Regulation No XXX [European Defence Fund] shall apply to participation in all defence-related actions by the Competence Centre, when provided for in the Work plan, the grant of non- exclusive licenses may be limited to third parties established or deemed to be established in Members States and controlled by Member States and/or nationals of Member States.

Amendment 365 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 35 – paragraph 1

1. The Competence Centre shall carry out its activities with athe highest level of transparency.

Amendment 366 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 35 – paragraph 2

2. The Competence Centre shall 2. ensure that the public and any interested parties are given appropriate, objective, reliable and easily accessible information in due time, in particular with regard to the results of its work. It shall also make public the declarations of interest made in accordance with Article 41.

Amendment 367 #

Jens GEIER, José BLANCO LÓPEZ, Carlos ZORRINHO, Eugen FREUND

Proposal for a regulation
Article 38 – paragraph 3

3. The evaluation referred to in paragraph 2 shall include an assessment of the results achieved by the Competence Centre, having regard to its objectives, mandate and tasks. If the Commission considers that the continuation of the Competence Centre is justified with regard to its assigned objectives, mandate ~~and tasks~~, tasks, effectiveness and efficiency, it may propose that the duration of the mandate of the Competence Centre set out in Article 46 be extended.

Amendment 368 #

Proposal for a regulation
Article 42 – paragraph 1

Amendment 369 #

Proposal for a regulation
Article 44 – paragraph 1

An administrative agreement may be concluded between the Competence Centre and the Member State ~~[Belgium]~~ in which its seat is located concerning privileges and immunities and other support to be provided by that Member State to the Competence Centre.

Amendment 370 #