• Implementation plans and monitoring, evaluation and reporting arrangements

The provisions to be amended by the proposal will be evaluated as part of the periodic evaluation of the Cybersecurity Act to be carried out by the Commission in accordance with Article 67 thereof. That evaluation assesses, inter alia, the impact, effectiveness and efficiency of the provisions on the Cybersecurity Certification Framework with regard to the objectives of ensuring an adequate level of cybersecurity of ICT products, ICT services and ICT processes in the Union and of improving the functioning of the internal market. The proposal contains an amendment that ensures that the evaluation is also to cover managed security services. The Commission also sends a report on the evaluation and its conclusions to the European Parliament, the Council and the ENISA Management Board and makes the findings of the report public.

• Detailed explanation of the specific provisions of the proposal

The proposal contains two articles. While Article 1 contains the amendments to Regulation (EU) 2019/881, Article 2 concerns the entry into force. Article 1 contains targeted amendments to amend the scope of the European cybersecurity certification framework in the Cybersecurity Act to include 'managed security services' (Articles 1 and 46 of the Cybersecurity Act). It introduces a definition of those services, which is very closely aligned to the definition of 'managed security services providers' under the NIS 2 Directive (Article 2 of the Cybersecurity Act). It also adds a new Article 51a on the security objectives of European cybersecurity certification adapted to 'managed security services'. Lastly, the proposal contains a number of technical amendments to ensure that the relevant articles apply also to 'managed security services'.