• Ex post evaluations/fitness checks of existing legislation

Not applicable.

• Stakeholder consultations

Targeted consultations with Member States and ENISA have been carried out. In these consultations, Member States described their current activities and views as regards certification of managed security services. ENISA explained its views and its findings from discussions with Member States and stakeholders. The comments and information received from Member States and ENISA have fed into this proposal.

• Collection and use of expertise

Not applicable.

• Impact assessment

A waiver from the need for an impact assessment has been requested as the proposal is a very limited and targeted amendment to the Cybersecurity Act. It would empower the Commission to adopt, by means of implementing acts, certification schemes for 'managed security services', in addition to ICT products, ICT services and ICT processes, which are already covered by the Act. However, the amendment would only have an effect once such certification schemes are adopted at a later stage. Moreover, the amendment would not change the voluntary character of the certification schemes.

• Regulatory fitness and simplification

Not applicable.

• Fundamental rights

The proposal does not have any foreseeable consequences for the protection of fundamental rights.