icon-grid
Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (Text with EEA relevance)RecitalsTitle I General provisions (arts. 1-2)Article 1 Subject matter and scopeArticle 2 DefinitionsTitle II ENISA (The European union agency for cybersecurity) (arts. 3-45)Chapter I Mandate and objectives (arts. 3-4)Article 3 MandateArticle 4 ObjectivesChapter II Tasks (arts. 5-12)Article 5 Development and implementation of Union policy and lawArticle 6 Capacity-buildingArticle 7 Operational cooperation at Union levelArticle 8 Market, cybersecurity certification, and standardisationArticle 9 Knowledge and informationArticle 10 Awareness-raising and educationArticle 11 Research and innovationArticle 12 International cooperationChapter III Organisation of ENISA (arts. 13-28)Article 13 Structure of ENISASection 1 Management Board (arts. 14-18)Article 14 Composition of the Management BoardArticle 15 Functions of the Management BoardArticle 16 Chairperson of the Management BoardArticle 17 Meetings of the Management BoardArticle 18 Voting rules of the Management BoardSection 2 Executive Board (art. 19)Article 19 Executive BoardSection 3 Executive Director (art. 20)Article 20 Duties of the Executive DirectorSection 4 ENISA Advisory Group, Stakeholder Cybersecurity Certification Group and National Liaison Officers Network (arts. 21-23)Article 21 ENISA Advisory GroupArticle 22 Stakeholder Cybersecurity Certification GroupArticle 23 National Liaison Officers NetworkSection 5 Operation (arts. 24-28)Article 24 Single programming documentArticle 25 Declaration of interestsArticle 26 TransparencyArticle 27 ConfidentialityArticle 28 Access to documentsChapter IV Establishment and structure of ENISA's budget (arts. 29-33)Article 29 Establishment of ENISA's budgetArticle 30 Structure of ENISA's budgetArticle 31 Implementation of ENISA's budgetArticle 32 Financial rulesArticle 33 Combating fraudChapter V Staff (arts. 34-37)Article 34 General provisionsArticle 35 Privileges and immunityArticle 36 Executive DirectorArticle 37 Seconded national experts and other staffChapter VI General provisions concerning ENISA (arts. 38-45)Article 38 Legal status of ENISAArticle 39 Liability of ENISAArticle 40 Language arrangementsArticle 41 Protection of personal dataArticle 42 Cooperation with third countries and international organisationsArticle 43 Security rules on the protection of sensitive non-classified information and classified informationArticle 44 Headquarters Agreement and operating conditionsArticle 45 Administrative controlTitle III Cybersecurity certification framework (arts. 46-65)Article 46 European cybersecurity certification frameworkArticle 47 The Union rolling work programme for European cybersecurity certificationArticle 48 Request for a European cybersecurity certification schemeArticle 49 Preparation, adoption and review of a European cybersecurity certification schemeArticle 50 Website on European cybersecurity certification schemesArticle 51 Security objectives of European cybersecurity certification schemesArticle 52 Assurance levels of European cybersecurity certification schemesArticle 53 Conformity self-assessmentArticle 54 Elements of European cybersecurity certification schemesArticle 55 Supplementary cybersecurity information for certified ICT products, ICT services and ICT processesArticle 56 Cybersecurity certificationArticle 57 National cybersecurity certification schemes and certificatesArticle 58 National cybersecurity certification authoritiesArticle 59 Peer reviewArticle 60 Conformity assessment bodiesArticle 61 NotificationArticle 62 European Cybersecurity Certification GroupArticle 63 Right to lodge a complaintArticle 64 Right to an effective judicial remedyArticle 65 PenaltiesTitle IV Final provisions (arts. 66-69)Article 66 Committee procedureArticle 67 Evaluation and reviewArticle 68 Repeal and successionArticle 69 Entry into forceAnnex - Requirements to be met by conformity assessment bodiesDone at
Document Overview
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Coming soon: Any documents - Any document vs Another document at any date
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 26th December 2024
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application
PreviousNext
Version status: Entered into force | Document consolidation status: No known changes
Version date: 27 June 2019 - onwards
Version 2 of 2

Article 27 Confidentiality

1. Without prejudice to Article 28, ENISA shall not divulge to third parties information that it processes or receives in relation to which a reasoned request for confidential treatment has been made.

2. Members of the Management Board, the Executive Director, the members of the ENISA Advisory Group, external experts participating in ad hoc working groups, and members of the staff of ENISA, including officials seconded by Member States on a temporary basis, shall comply with the confidentiality requirements of Article 339 TFEU, even after their duties have ceased.

3. ENISA shall lay down, in its internal rules of operation, the practical arrangements for implementing the confidentiality rules referred to in paragraphs 1 and 2.

4. If required for the performance of ENISA’s tasks, the Management Board shall decide to allow ENISA to handle classified information. In that case ENISA, in agreement with the Commission services, shall adopt security rules applying the security principles set out in Commission Decisions (EU, Euratom) 2015/443 [Commission Decision (EU, Euratom) 2015/443 of 13 March 2015 on Security in the Commission (OJ L 72, 17.3.2015, p. 41).] and 2015/444 [Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information (OJ L 72, 17.3.2015, p. 53).]. Those security rules shall include provisions for the exchange, processing and storage of classified information.

PreviousNext