Publications

Featured publications

ENISA Threat Landscape 2025

Download

Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025. At its core, this report provides an…

NIS2 Technical Implementation Guidance

Download

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…

ENISA NIS360 2024

Download

The NIS360 is a new ENISA product that assesses the maturity and criticality of sectors of high criticality under the NIS2 Directive, providing both a comparative overview and a more in-depth analysis of each sector. The NIS360 is designed to…

All publications

By topics

By type

Publish Date

IoT Security Standards Gap Analysis

This study analyses the gaps and provides guidelines for, in particular, the development or repositioning of standards, facilitating the adoption of standards and governance of EU standardisation in the area of NIS.
Private Sector

Towards global acceptance of eIDAS audits

The goal of the study is to explore the eIDAS Conformity Assessment Report (CAR), the corresponding audit requirements, gaps arising from comparison with competing audit schemes, and the emergent issues at the core of the global conversation between…
Private Sector
technical reports on cybersecurity situation the state of cyber security vulnerabilities

State of Vulnerabilities 2018/2019 - Analysis of Events in the life of Vulnerabilities

The purpose of this report is to provide an insight on both the opportunities and limitations the vulnerability ecosystem offers. By using the vulnerabilities published during the year of 2018 and Q1-Q2 of 2019 as a vehicle, this report goes beyond…
National / EU authoritiesPrivate Sector

Cooperation between CSIRTs and Law Enforcement: interaction with the Judiciary

This report aims to support the cooperation between CSIRTs and Law Enforcement, as well as their interaction with the judiciary in their fight against cybercrime, by providing information on the legal, organisational, technical and cultural aspects…
National / EU authorities

Cyber Europe 2018 - After Action Report

ENISA has compiled all the information gathered during the exercise and produced an after-action report, identifying challenges and main takeaways, and making useful recommendations for the participants.
National / EU authorities

Analysis of the European R&D priorities in cybersecurity

The present document provides a series of recommendations for the priorities in the EU for R&D in the domain of ICT security made after analysis of a wide series of interviews with domain experts. The proposed research priorities have the aim to…
National / EU authorities

Economics of Vulnerability Disclosure

Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited. The different actors within a vulnerability disclosure process are subject to a range of…
National / EU authoritiesPrivate Sector

Assessment of Standards related to eIDAS

In this report, ENISA presents aspects of QSCD certification and QTSP supervision to identify the way to combine respective elements therein, in line with the eIDAS requirements. In this context, this report seeks to support standards CEN EN 419 241…
Private Sector

Guideline on assessing security measures in the context of Article 3(3) of the Open Internet regulation

This guideline regards the security exceptions in the EU net neutrality rules. It offers a checklist and an evaluation form to help NRAs in deciding whether or not a provider is allowed to take a security measure, for example blocking certain…

Good practices on interdependencies between OES and DSPs

This study is concerned with dependencies and interdependencies among Operators of Essential Services (OES) and Digital Service Providers (DSPs) as defined in the NIS Directive and addresses emerging dependencies and interdependencies across sectors…
National / EU authoritiesPrivate Sector