Documents considered by the Committee on 3 November 2010, including the following recommendations for debate: Financial Management - European Scrutiny Committee Contents


2 European Information and Network Safety Agency

(a)

(32008)

14322/10

COM(10) 520

(b)

(32010)

14358/10

COM(10) 521

+ ADDs 1-2

Draft Council Regulation amending Regulation (EC) No 460/2004 establishing the European Network and Information Security Agency as regards its duration







Draft Council Regulation concerning the European Network and Information Security Agency

Legal baseArticle 114 TFEU; QMV; ordinary legislative procedure
DepartmentBusiness, Innovation and Skills
Basis of considerationEM of 19 October 2010
Previous Committee ReportNone; but see (29300) 16840/07: HC 16-xxiii (2007-08), chapter 12 (4 June 2008); also see (30528)

8375/09: HC 19- xxi (2008-09), chapter 1( 24 June 2009): HC16-ix (2007-08), chapter 1 (23 January 2008): (28677) 10340/07: HC-41 xxviii (2006-07), chapter 2 (4 July 2007), HC-41 xxxiv (2006-07), chapter 9 (2 October 2007), (29172) 15371/07 (29173) 15379/07 (29174) 15387/07 (29176) 15416/07 (29177) 15422/07 and (29175) 15408/07: HC 16-vi (2007-08), chapters 1 and 2 (12 December 2007)

To be discussed in CouncilTo be determined
Committee's assessmentPolitically important
Committee's decision(a) Cleared

(b) Not cleared; further information requested

Background

2.1 With communications networks and information systems an essential factor in economic and social development, and the security and resilience of communication networks and information systems of increasing concern to society, the European Network and Information Security Agency (ENISA) was established in 2004, for a period of five years. As ENISA's website says:

"Operative networks contributes to the smooth functioning of the Internal Market, and concretely effects the daily lives of the citizens and business alike, using broadband, online banking, ecommerce, and mobile phones.

"Therefore, the Agency's Mission is essential to achieve a high and effective level of Network and Information Security within the European Union. Together with the EU-institutions and the Member States, ENISA seeks to develop a culture of Network and Information Security for the benefit of citizens, consumers, business and public sector organisations in the European Union."

2.2 The Agency describes its objectives thus:

"ENISA was set up to enhance the capability of the European Union, the EU Member States and the business community to prevent, address and respond to network and information security problems.

"In order to achieve this goal, ENISA is a Centre of Expertise in Network and Information Security and is stimulating the cooperation between the public and private sectors. As such, the Agency is a 'pacemaker'."

2.3 The Agency describes its tasks as:

—  Advising and assisting the Commission and the Member States on information security and in their dialogue with industry to address security-related problems in hardware and software products;

—  Collecting and analysing data on security incidents in Europe and emerging risks;

—  Promoting risk assessment and risk management methods to enhance our capability to deal with information security threats;

—  Awareness-raising and co-operation between different actors in the information security field, notably by developing public/private partnerships with industry in this field.

2.4 More concretely, ENISA divides its activities into Computer Emergency Response Teams, Awareness Raising, Resilience, Risk Management-Risk Assessment, Identity and Trust and stakeholder relations.[8]

Previous consideration of the future of ENISA

2.5 Article 25 of the ENISA Regulation required evaluation of the Agency by the Commission before March 2007, to determine whether the duration of the Agency should be extended beyond the period specified in Article 27 (that is, five years) and assess the impact of the Agency on achieving its objectives and tasks, as well as its working practices and, if necessary, make appropriate proposals.

2.6 Thus, in autumn 2007, the then Committee considered a Commission Communication that presented the findings of an evaluation by an external panel of experts; the recommendations of the ENISA Management Board regarding the ENISA Regulation; made an appraisal of the evaluation report; and launched a public consultation.[9]

2.7 Based thereon, the Communication set out to initiate debate about ENISA's value and future; the Commission would then inform the Council and European Parliament and further specify its overall evaluation findings, in particular whether or not to introduce a proposal for the extension of the duration of the Agency.

2.8 The overall picture was set out most vividly in a SWOT Analysis reproduced below:
STRENGTHS
WEAKNESSES
—  MS and Commission mandate

—  Good start in building relationships

—  Staff competence

—  Lack of vision, focus and flexibility

—  Uneasy relationship between Management Board and Agency

—  Location problem for recruitment and networking

OPPORTUNITIES
THREATS
—  Increasing importance of security in the EU

—  Unique position to respond to security coordination needs

—  Global alliances look for EU counterpart

—  Launching new projects with high relevance in the security field

—  Becoming a reference point for all the MS

—  If effectiveness is not improved, rapid weakening and loss of reputation

—  High turnover is weakening the staff

—  Contradictory expectations from MS and between MS and stakeholders

—  Misperception of role and goals by external stakeholders

2.9 In sum, the Report confirmed the validity of the original rationale and goals. All activities were found to be in line with its work programme. However, those activities appeared insufficient to achieve the high level of impacts and value added hoped for, and visibility was below expectations. Factors affecting the ability of the Agency to perform at its best concerned its organisational structure, the skills mix and the size of its operational staff, the lack of focus on impacts rather than on deliverables and its remote location. The chances for a successful future for ENISA depended on "a renewed political agreement among the Member States, built on the lessons learned and the achievement of the first phase of the Agency". Most stakeholders felt that closing the Agency in 2009 would represent a significant missed opportunity for Europe, and have negative consequences for NIS and the smooth functioning of the internal market. But they also believed that change was needed in the Agency's strategic direction and structure.

2.10 The Commission endorsed the overall findings; enhancing ENISA's contacts and working relations with stakeholders and Member States' centres of expertise was "a key finding". But it danced around the other key issue: its remote location in Heraklion. The Commission summarised the evaluation panel recommendations on the future of ENISA after 2009 as follows:

—  the mandate of the Agency should be extended after 2009, maintaining its original main objectives and policy rationale, but taking into account the current experience;

—  the Regulation should be revised, to reflect ENISA's original strategic role and to clear ambiguities about its profile. The Regulation should not define in detail the operational tasks of the Agency to allow for flexibility in adapting to the evolution of the security environment;

—  the Agency's size and resources should be increased (up to 100 persons approximately) in order to reach the necessary critical mass;

—  the role of the Management Board should be revised in order to improve governance;

—  the appointment of a high-profile figure, well recognised in the NIS environment, who could act as an ambassador, to help increase ENISA's visibility;

—  "recommendations regarding the location of the Agency in Heraklion".

2.11 Although the Commission evaded the location issue, the Panel discussed the question in depth. It said the negative consequences on networking activities should be examined closely. Decisions to implement short-term improvements should be taken without preventing in any way the possibility to make a more radical choice about the location after 2009. Here, it recommended that the feasibility be seriously considered of:

—  moving the Agency from Heraklion to Athens or "another EU city with an international environment and greater proximity to the security environment main knowledge centres";

—  opening a liaison office in Brussels or a city "with high relevance for the security environment";

—  a "networked agency" with small headquarters and a few distributed offices "hosted by some of the main actors of security".

In addition, examples of successful organizations with networking and think tank activities should be examined to learn from their management practices, even if they were not EU agencies; an example cited was EIPA (European Institute for Public Administration), "which, in addition to its main headquarters has antennas in other cities, acting as competence centres".

2.12 When the then Committee first examined the Communication, it considered that the then Minister (Margaret Hodge) was as remiss as the Commission, in that her Explanatory Memorandum contained none of the foregoing, nor said anything about the report, despite the picture painted in the Communication strongly suggesting that ENISA had been created on an unsound basis, which had then been compounded by situating it in the wrong place, for the wrong reasons. The then Committee felt that it was entitled to know the Government's views at that point, not when the consultation was over and the Commission had decided what to do.

2.13 The response of her successor (Stephen Timms), which was considered on 2 October 2007, contained the comprehensive statement of the Government's position that was initially absent. Lamentable as it seemed to the then Committee, it was made clear that the evaluation report's main concern, i.e., ENISA's inappropriate location, was plainly off limits, for the same reason that it was put there in the first place, i.e., its political nature. In clearing the Communication, the then Committee noted the importance of any future such decision not being left to one Member State to determine when the interests of all Member States were concerned. They also noted that there was no appetite for more staff, and that the Government would resist any move to make ENISA more operational, and that what was needed now were proposals that showed how ENISA, despite its unhelpful location, could be developed so as to fulfil its tasks efficiently, effectively and economically. They also noted that the Minister undertook to submit a detailed EM when the Commission made substantive recommendations on the future of the Agency.[10]

2.14 Those were contained in a further package of proposals that the then Committee considered on 12 December 2007. They included the notion that a new European Electronic Communications Market Authority (EECMA) should, among other things, take over the activities of ENISA. As both the then Minister, in his accompanying Explanatory Memorandum, and the then Committee made clear, there were considerable doubts about the proposed EECMA (and therefore the contingent proposal to wind up ENISA); these were to be further examined in a debate in the European Standing Committee on the Commission Communication that set out the Commission's overall approach to revising the regulatory framework for electronic communications.[11]

The first amendment to the Council Regulation

2.15 In the meantime, with ENISA's existing mandate due to expire in March 2009, and to ensure continuity, the Commission proposed this interim measure for the two years between the Agency's scheduled expiry date and the date when the proposed EECMA was to take over responsibility for its activities.

2.16 The then Minister (Stephen Timms) said that at this stage he regarded the extension of ENISA's mandate as "good housekeeping and essential for the continued conduct of the Agency's activities." He noted that the EECMA negotiations had yet to take place and the eventual outcome was unclear: however, in any event, the EECMA would not be established before 2011 and therefore some mechanism to ensure ENISA's continued operation needed to be put in place. What ENISA did remained important and that there seemed a sound case for this work to continue at a European level. The Government therefore agreed with the general tenor of the Commission's Communication of 1 June 2007 ((COM 2007) 285) and also agreed with the ENISA Management Board Recommendations about the need to extend the mandate and "refresh the focus given to the Agency" through the amendments to the Regulation. However, the Commission had "taken a surprising turn in seeming to have foregone further work on the Review of the Agency" and "opted instead to roll ENISA into its proposals for a European Electronic Communications Markets Authority". The then Government was not convinced that this was the only or best way to ensure the improved implementation of the European regulatory framework for communications. But whatever solution was adopted, they were convinced that expertise would be required to advise or engage with national regulators on network and service resilience issues. If the negotiation process set aside the Commission's idea for a new Authority, then consideration would have to be given as to how best to agree common approaches to ensuring the appropriate resilience of networks. In that case, the continuation of ENISA might return as a viable prospect. If the new Authority idea prevailed, then it had to be acknowledged that it would be difficult to argue for two Agencies that had a strong connection to the regulatory framework.

2.17 For its part, the then Committee noted that, as the Minister had pointed out, an extension of ENISA's mandate was contingent on much larger and more contentious questions — whether it should be incorporated in a new authority, the need for and appropriateness of which is still under examination; or, if not so incorporated, what should be done to make it more effective and efficient. That being so, the then Committee continued to retain the document under scrutiny until the Minister was in a position to let it have his considered views.[12]

The then Minister's letter of 20 May 2008

2.18 The Minister's successor (Baroness Vadera) wrote to say that she had "looked afresh" at the issues and fully understood the then Committee's concern about the location of the Agency not being addressed in this process. Though the evaluation concluded that there were problems with the location in Crete — which her predecessor had indicated would not have been the then government's first choice — the decision to locate the Agency there was taken by the Greek Government, it having been given the discretion to do so by the Heads of Government. It would be difficult — and would not constitute a welcome precedent for many Member States — to subject that decision to review and challenge by the European Institutions. The then Minister therefore believed that in the short term, it was necessary to continue to see the location as a management challenge and that a discussion on relocation was not realistic without the agreement of the Greek Government — and they had made clear through all available channels available that they felt the case against Crete was not soundly based and were "working hard to address the most obvious problems".

2.19 Moreover, the then Minister said, any clear linkage in the Regulation to the outcome of the discussion on the proposed EECMA had now been rejected, and the rationale for the extension was now viewed as providing a window of opportunity for the EU to reassess how it handled the whole issue of network and information security — both how to deliver on the likely new requirements for communications providers arising from the Framework Review and whether policy objectives were best delivered through a small Agency in a remote location. Furthermore, some Member States thought three years would better enable an incoming Commission and Parliament to deal with the issue and, through a longer period of debate and reflection, enable a better longer-term solution. The then Minister thought it arguable that sufficient progress could be made in two years but if — as seemed likely — the UK found itself in a small minority of Member States who had doubts on this point and acting against the views of the Parliament, she was not inclined to pursue her doubts to the point of voting against the measure.

2.20 With the 16 June Telecoms Council approaching and the Presidency wishing to get a Common Position, the then Minister asked that the draft Council Regulation now be cleared.

The then Committee's assessment

2.21 In the debate on 13 March 2008 on the Commission's overall approach to revising the regulatory framework for electronic communications, the then Minister for Energy (Malcolm Wicks) said that the Government continued to analyse the case for establishing a new EU market authority and was considering whether other methods could better achieve the objectives. This approach was reflected in other contributions to the debate.

2.22 It thus seemed clear that the there was little enthusiasm for the proposed EECMA and that, accordingly, ENISA was, in one form or another, and in one place or another, likely to be around for the foreseeable future. In that case, the then Committee accepted that it made sense to extend ENISA's mandate. Like the Minister, it was not convinced that an additional year was needed in order to reach the right conclusions, given that the problems and solutions had been so fully and convincingly set out in the evaluation; but reluctantly agreed that it would be a better outcome than an even longer extension. What was much more important was that a window of opportunity for the EU to reassess how it handled the whole issue of network and information security should not, as the result of a longer period of debate and reflection, result in continued stagnation.

2.23 In clearing the draft Council Regulation, the then Committee noted in particular that the Government of Greece maintained that the case against Crete was not soundly based and was "working hard to address the most obvious problems", and looked forward to hearing more about what steps were planned to address the problems identified in the evaluation.[13]

The draft Council Regulations

2.24 The proposed Commission Regulation (document (b)) renews ENISA's mandate for a further five years and sets out the tasks proposed for the Agency as well as its budget and how it will operate. The Regulation builds on ENISA's current capabilities as a centre of excellence whose function is to enhance network and information security (NIS) across Europe and expands the Agency's tasks to reflect changing needs in this area. The Regulation also streamlines the Agency's management structures and sets out a gradual increase to the budget to manage the increased workload.

2.25 It is published alongside a Commission proposal to extend the existing ENISA Regulation à l'identique for 18 months, from March 2012 to September 2013.

2.26 In his Explanatory Memorandum of 19 October 2010, the Minister for Culture, Communications and Creative Industries (Ed Vaizey) begins by explaining that the EECMA did not take over ENISA's activities as this proposal did not receive support from Member States during the negotiations on revising the 2002 telecoms regulatory framework, which were not completed until November 2009; and that, following this, there was a change of Commissioner, which further postponed any decision on the future of ENISA. He continues as follows:

"The Commission has now concluded that there is a need for ENISA to continue its activities enhancing security and resilience in the Communications sector. This reflects the positive view of the Agency in the general review conducted by the Commission and the Council Conclusions of June 2007[14] that saw a continued role for the Agency in this important area.

"In our view the Agency has produced some solid work since it was established. It has a strong standing in the community that deals with response to security incidents and has created new communities in areas such as awareness raising and risk management. It has not had a high impact, but is well regarded in the expert community and has been successful in bringing together communities of interest in the EU and in the area of risk management, CERT (computer emergency response team) co-operation and identifying best practice on awareness-raising amongst other things. It is now established to the point that the Commission has developed new roles for it in the promotion of critical information infrastructure protection (CIIP) and the Council identified a role for it in the implementation of the security elements of the new Framework Regulations."

2.27 The Minister then says that there were two problems built into the working environment for the Agency:

"firstly, in retrospect the resources allocated for it were too low. This was compounded by the second problem, the choice of Crete as the seat of the Agency… Regarding the location, it is the responsibility of the host Member State to maintain the arrangements for the operation of the Agency. The decision to ask Greece to host the Agency was taken by Heads of Government and discussions on the detail of the seat arrangements were conducted by the Greek authorities and the Commission. As this was a political decision the question of location cannot be revisited during negotiations."

2.28 The Minister then looks at some of the key issues as follows:

NETWORK AND INFORMATION SECURITY

"Network and Information Security (NIS) is an issue of critical importance to the UK as well as to all EU Member States. The increasing reliance on information and communications technology (ICT) and the need to ensure security and resilience thereof, is a high priority for the UK — reflected in the creation of the Office of Cyber Security and Information Assurance (OCSIA) in Cabinet Office and the Cyber Security Operations Centre (CSOC) in Cheltenham. However, ICT networks are globally interconnected networks and do not follow national boundaries. This means that there is significant benefit in having a level of coordination across Europe to bring together initiatives and information on NIS.

"For the UK, the Agency has been of benefit by drawing on EU expertise to enhance security and resilience of networks across the EU, and has made significant progress in its original tasks such as facilitating cooperation on NIS between EU Member States (and the Commission); bringing together stakeholders (including telecoms companies, and business) to facilitate discussion and exchange ideas; raising awareness of NIS and spreading good practice on how to improve and enhance the resilience and security of networks drawing on efforts across Europe; providing advice and support to Member States who are enhancing the resilience and security of their networks."

2.29 The Minister then notes that the Commission set out its priorities for NIS in its 2009 Communication on Critical Information Infrastructure Protection (CIIP), "Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience",[15] and says:

"ENISA has made a significant contribution in delivering a number of the objectives, including coordinating the first pan-European cyber exercise; this will help all participating European states including the UK enhance their ability to coordinate an emergency response to a cyber attack.

"Additionally ENISA has taken a leading role in facilitating discussion between Member States about how to effectively implement manage the new legislative security requirements which form part of the Telecommunications Framework Directive (itself a part of the European Regulatory Framework for Communications). This legislation also sees ENISA taking on a formal role as a body which will receive and coordinate information on outages of communications services across Europe."

AGENCY REMIT

"The new mandate allows ENISA to continue operating as a centre of excellence and expertise on Network and Information Security. The Commission has recognised the shifting needs in this policy area that have developed significantly since the Agency's inception in 2004, both in terms of technology and the increasingly high profile of NIS. ENISA will continue to carry out its current tasks and will expand its work programme to fit better with current needs. Updated tasks include:

  • "Formally taking on the role that ENISA has been undertaking on Critical Information Infrastructure Protection, and supporting the EU regulatory Agenda in this area more closely.
  • "Finding common ground with the law enforcement community to establish a role in the fight against cybercrime."

"By supporting the Commission's policy output in this area ENISA will have a formalised role to continue the work it is already performing under the CIIP and Framework Directive banner, and strengthen the Agency's position to develop thinking and sharing of ideas in this area, which allows for a more harmonised implementation of measures. Both these are area of work where ENISA has excelled in bringing together the right stakeholders to advance the policy debate effectively, despite not having any official role.

"In undertaking a specific role on the security aspects of cybercrime ENISA will be working closely with entities already operational in this arena such as privacy protection and law enforcement agencies, to address the network security aspects which are one part of the overall picture of fighting cybercrime. This proposal should add value in the fight against cybercrime through the pooling and effective dissemination of knowledge across different policy areas. This is an area which the Lords sub-Committee on European Affairs highlighted as being ripe for further collaboration initiatives between different key players to increase the effectiveness of policy and recommended the Commission to take forward."

2.30 The Minister then describes other key changes to the Agency focus on its operational capacity and governance structures as:

  • increased flexibility to focus on the key issues in this policy area as they develop;
  • a streamlined governance structure.

2.31 Of the first, the Minister says:

"It has become clear over the existing lifecycle of the Agency that ENISA needs the means to respond actively to new challenges within this policy area. By allowing more scope for ENISA to focus its resources on issues considered necessary by the Management Board and key stakeholders, it can provide relevant and timely support (both through research and position papers for example) to both the Commission and other stakeholders on key live issues."

2.32 Of the streamlined governance structure, the Minister says that it:

"enhances the role of the Management Board (made up of representatives from EU Member States including the UK), allowing it more flexibility in managing its workload as well as discretion in intervening in staff issues, which were previously the sole responsibility of the Executive Director. The increased adaptability of the Agency is designed to help ENISA achieve its goals by allowing it to concentrate on core, critical work as it arises, alongside the tasks set out in the annual work programme, which is approved by the Management Board. This reflects the reality of this fast-moving policy area, where priorities and what is critical tend to change relatively rapidly."

AGENCY LIFESPAN

"The Agency has been given another limited lifespan of five years; such existential restrictions are not generally the norm amongst European Union Agencies. This allows for ongoing evaluation of the continuing validity and relevance of the work being undertaken as well as the effectiveness of the Agency. In line with this there is also a review clause in the Regulation, to allow for re-evaluation of the Agency and any recommendations to be made to the Commission on improving the output and functioning of ENISA."

2.33 The Minister then notes that negotiations and due process on the new ENISA regulation are expected to take some time, and there is a risk that they are unlikely to be concluded before the present mandate expires in March 2012; and that the Amendment to the original ENISA Regulation, to extend the Agency's lifespan until September 2013, would allow for full debate and due process to be completed.

The Government's view

2.34 The Minister says that, overall, the Regulation extending and amending its mandate increases the momentum already established by ENISA, supports the high priority accorded to information security issues, both in the UK as well as in Europe and acknowledges the importance and changing scope of this policy area.

2.35 The Minister then notes that, as NIS and cyber-security policy are of such high importance, the UK is represented on the ENISA Management Board, and BIS, the Office for Cyber Security, the Centre for the Protection of National Infrastructure have worked closely with ENISA over the course of its existence, and continue to do so.

2.36 The Minister then further notes that the new Regulation does not set out any operational responsibilities for the Agency:

"Indeed the Commission appears to have demonstrated sensitivity to the need to ensure that the proposal does not develop into operational unit that carries out real-time network monitoring and advice, which would run the risk of not only duplicating work already carried out by Agencies in Member States, but also potentially crossing into national security issues. Any concerns relating to the balance of competence between the EU and UK will be carefully scrutinised to prevent any mission creep."

2.37 The Minister also draws attention to a report from our counterparts in the House of Lords into Protecting Europe from Large Scale Cyber Attacks, whose conclusions, he says:

—  included the hope that that agreement can be reached, well before the expiry of the current mandate, on extending the work of ENISA to matters such as police and judicial cooperation over criminal use of the Internet, with a commensurate increase in resources;

—  as well as being highly critical of the original location decision, also welcomed the fact that, to meet some of these problems, the government of Greece had recently made facilities available in Athens for ENISA meetings, and hoped that any conference facilities which ENISA may need there will be provided so that it can function as efficiently as possible;

—  supported consideration being given to increasing the number of staff to enable it to perform all its tasks satisfactorily;

2.38 The Minister then turns to the Financial Implications:

"To date the Agency's ability to make a bigger impact has been affected by the resources it can use to focus on output. Both the evaluation of the Agency as well as consultation with stakeholders indicated that the size of ENISA is currently below its critical mass and requires more resources. This has now been addressed by the Commission, who plan to give the Agency the resources required to carry out its existing and new activities satisfactorily.

"The Impact Assessment accompanying the Regulation sets out the resources allocated to the Agency. These will gradually increase over its lifetime of 2012-2016 set out in this Regulation. The European Commission expects the annual budget to increase from approximately €8 million to around €19 million by 2016 (including EFTA contributions).[16] The majority of ENISA's costs — almost two thirds — are made up by staff expenditure. In the event ENISA would continue under its current remit (à l'identique), it would cost just over €9 million by 2016. This means that, over the five year period 2012-2016, increasing the Agency's resources will cost an extra €21 million.

"Additionally, the Commission are proposing a review of the Agency's financing after 2013 (less than a year into the lifespan of the new mandate), which would allow the Commission to amend the financing of ENISA, therefore it remains unclear what the exact funding will be post 2013, as no indication has been given by the Commission.

"Subject to the Agency playing an increasingly important role in an area key to both the well-being of the UK and EU, there is some justification for the increase in budget. The EC has not been able to provide a quantification of benefits because there is no objective quantitative information available about the economics of NIS, in particular the impact that NIS breaches have and therefore how much additional security measures would save. However, the EC has conducted a qualitative assessment of the benefits and concluded that the extra investment is both reasonable and worthwhile (ref Impact Assessment). The Agency's new activities have also received the support of NIS stakeholders during the EC's consultation process. However, all additional resources allocated to the Agency should require solid justification, and which the UK will insist upon."

Conclusion

2.39 We have set out the history in some detail to show how difficult it has been from the outset for ENISA, through no fault of its own, to carry out the important tasks laid upon it. With a new Commissioner and a new Executive Director, there are now signs of greater effectiveness; and equally welcome signs of the host government playing the supportive role that it should have done from the outset, given its continuing insistence on ENISA's palpably unsuitable location.

2.40 We accordingly clear the proposed Regulation extending its mandate à l'identique until September 2013.

2.41 However, as the Minister makes clear, there is still much uncertainty surrounding the extension of its definitive mandate, both as to funding and extending ENISA's involvement into matters such as countering cyber-crime. We shall therefore retain the main draft Council Regulation under scrutiny.

2.42 We also ask the Minister to provide us with periodic updates as the negotiations proceed, ahead of any eventual decision to proceed to political agreement in the Council (in the first instance, after the 2 December Telecoms Council, should there be any discussion there and/or any Conclusions adopted).





8   For further information on ENISA, see http://www.enisa.europa.eu/about-enisa.  Back

9   The full report is at http://ec.europa.eu/dgs/information_society/evaluation/studies/s2006_enisa/docs/final_report.pdf. Back

10   See headnote: (28677) 10340/07: HC-41 xxviii (2006-07), chapter 2 (4 July 2007) and HC-41 xxxiii (2006-07), chapter 9 (2 October 2007). Back

11   See headnote: (29172) 15371/07 (29173) 15379/07 (29174) 15387/07 (29176) 15416/07 (29177) 15422/07 and (29175) 15408/07: HC 16-vi (2007-08), chapters 1 and 2 (12 December 2007). Back

12   See headnote. Back

13   See headnote: (29300) 16840/07: HC 16-xxii (2007-08), chapter 12 (4 June 2008). Back

14   COM(07) 285 final. Back

15   See (30528) 8375/09: HC 19- xxi (2008-09), chapter 1 (24 June 2009) for the previous Committee's consideration of this Communication. Back

16   EFTA contributions amount to about EUR 450,000 by 2016 or just over 2% of the total budget. Back


 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2010
Prepared 12 November 2010