This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…
Guidelines for SMEs on the security of personal data processing
ENISA undertook a study to support SME’s on how to adopt security measures for the protection of personal data, following a risk-based approach. In particular, the objectives of the study were to facilitate SMEs in understanding the context of the…
Security Framework for Trust Service Providers
This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSP on: 1) Risk management related to the security of the eIDAS…
Remote ID Proofing
This report provides an overview of the most common methods for identity proofing with some examples received by stakeholders, presents the current legal / regulatory landscape and supporting standards at the international and EU level and provides…
Stock taking of security requirements set by different legal frameworks on OES and DSPs
In order to support organisations in their process of identifying appropriate security measures, based on the provisions of both NISD and GDPR, this report uses as basis the pre-existing ENISA guidance and presents a mapping of already identified…
Geopolitics Accelerates Need For Stronger Cyber Crisis Management
ENISA publishes a study on ‘Best Practices for Cyber Crisis Management’ that assists in preparation for crisis management. The study was conducted for the EU Cyber Crisis Liaison Organisation Network (CyCLONe) and is now available publicly.
Annual Privacy Forum (APF) 2025
After 12 years, the Annual Privacy Forum (APF) enters into a new era! ENISA passes the baton to Goethe University Frankfurt and Karlstad University for the continuation of the successful event that bridges research and policy…
Engineering Data Protection in the wake of AI
ENISA organizes a webinar aiming to discuss the latest developments and considerations on engineering personal data protection in the AI era.