
REGULATION (EU) 2019/881 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (Text with EEA relevance) (revoked) 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

TITLE I
GENERAL PROVISIONS
Subject matter and scope
Article 1 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Definitions
Article 2 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TITLE II
ENISA (THE EUROPEAN UNION AGENCY FOR CYBERSECURITY)
CHAPTER I
Mandate and objectives
Mandate
Article 3 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Objectives
Article 4 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CHAPTER II
Tasks
Development and implementation of Union policy and law
Article 5 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Capacity-building
Article 6 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Operational cooperation at Union level
Article 7 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Market, cybersecurity certification, and standardisation
Article 8 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Knowledge and information
Article 9 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Awareness-raising and education
Article 10 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Research and innovation
Article 11 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
International cooperation
Article 12 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CHAPTER III
Organisation of ENISA
Structure of ENISA
Article 13 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Section 1
Management Board
Composition of the Management Board
Article 14 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Functions of the Management Board
Article 15 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chairperson of the Management Board
Article 16 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Meetings of the Management Board
Article 17 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Voting rules of the Management Board
Article 18 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Section 2
Executive Board
Executive Board
Article 19 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Section 3
Executive Director
Duties of the Executive Director
Article 20 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Section 4
ENISA Advisory Group, Stakeholder Cybersecurity Certification Group and National Liaison Officers Network
ENISA Advisory Group
Article 21 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Stakeholder Cybersecurity Certification Group
Article 22 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
National Liaison Officers Network
Article 23 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Section 5
Operation
Single programming document
Article 24 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Declaration of interests
Article 25 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Transparency
Article 26 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Confidentiality
Article 27 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Access to documents
Article 28 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CHAPTER IV
Establishment and structure of ENISA’s budget
Establishment of ENISA’s budget
Article 29 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Structure of ENISA’s budget
Article 30 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementation of ENISA’s budget
Article 31 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Financial rules
Article 32 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Combating fraud
Article 33 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CHAPTER V
Staff
General provisions
Article 34 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Privileges and immunity
Article 35 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Executive Director
Article 36 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Seconded national experts and other staff
Article 37 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CHAPTER VI
General provisions concerning ENISA
Legal status of ENISA
Article 38 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Liability of ENISA
Article 39 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Language arrangements
Article 40 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Protection of personal data
Article 41 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cooperation with third countries and international organisations
Article 42 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Security rules on the protection of sensitive non-classified information and classified information
Article 43 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Headquarters Agreement and operating conditions
Article 44 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administrative control
Article 45 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TITLE III
CYBERSECURITY CERTIFICATION FRAMEWORK
European cybersecurity certification framework
Article 46 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Union rolling work programme for European cybersecurity certification
Article 47 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Request for a European cybersecurity certification scheme
Article 48 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preparation, adoption and review of a European cybersecurity certification scheme
Article 49 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Website on European cybersecurity certification schemes
Article 50 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Security objectives of European cybersecurity certification schemes
Article 51 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Assurance levels of European cybersecurity certification schemes
Article 52 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Conformity self-assessment
Article 53 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Elements of European cybersecurity certification schemes
Article 54 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Supplementary cybersecurity information for certified ICT products, ICT services and ICT processes
Article 55 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cybersecurity certification
Article 56 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
National cybersecurity certification schemes and certificates
Article 57 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
National cybersecurity certification authorities
Article 58 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Peer review
Article 59 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Conformity assessment bodies
Article 60 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Notification
Article 61 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
European Cybersecurity Certification Group
Article 62 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Right to lodge a complaint
Article 63 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Right to an effective judicial remedy
Article 64 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Penalties
Article 65 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TITLE IV
FINAL PROVISIONS
Committee procedure
Article 66 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Evaluation and review
Article 67 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Repeal and succession
Article 68 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Entry into force
Article 69 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ANNEX
REQUIREMENTS TO BE MET BY CONFORMITY ASSESSMENT BODIES

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
