Search

By Topics

By Type

Published on

Security Framework for Trust Service Providers

Publications

This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSP on: 1) Risk management related to the security of the eIDAS…
Private Sector

European Cybersecurity Skills Framework Role Profiles

Publications

The ECSF role profiles document lists the 12 typical cybersecurity professional role profiles along with their identified titles, missions, tasks, skills, knowledge, competences. The main purpose of this framework is to create a common…

National / EU authorities, Private Sector

European Cybersecurity Skills Framework (ECSF) - User Manual

Publications

The ECSF User Manual provides a comprehensive overview of the ECSF’s main scope, framework principles and application opportunities. The primary purpose of the manual is to make the ECSF easily accessible by, understandable for, and usable by all…
National / EU authorities, Private Sector

Security Framework for Qualified Trust Service Providers

Publications

This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation, to which both non-QTSP and QTSP are subject. Nevertheless, Article 19.1 states that the security measures “shall ensure that the level of…
Private Sector
Cover page of an ENISA report titled 'Cybersecurity Roles and Skills for NIS2 Essential and Important Entities', featuring a person typing on a laptop with floating digital icons representing cybersecurity roles. The report is dated June 2025 and maps NIS2 obligations to the ECSF.

Cybersecurity roles and skills for NIS2 Essential and Important Entities

Publications

 ENISA in line with articles 6 and 10 of the Cybersecurity Act , prepared this guidance document on the skills and roles for the cybersecurity professionals needed to meet these legal requirements effectively. The guidance is based on the…

National / EU authorities, Private Sector

Stock taking of security requirements set by different legal frameworks on OES and DSPs

Publications

In order to support organisations in their process of identifying appropriate security measures, based on the provisions of both NISD and GDPR, this report uses as basis the pre-existing ENISA guidance and presents a mapping of already identified…
Private Sector

Security framework for Trust Service Providers - Technical guidelines on trust services

Publications

Article 19, which is the main focus of this document, of the eIDAS Regulation, states that Trust Service Providers have to demonstrate due diligence, in relation to the identification of risks and adoption of appropriate security practices, and…

Private Sector

Towards a framework for policy development in cybersecurity - Security and privacy considerations in autonomous agents

Publications

One of the key aspects in autonomous systems is the data collected, mainly for supporting the demanding functionality in a qualitative and timely manner. The current study highlights a number of relevant security and privacy considerations, such as…
Private Sector
Visual with a background image of a NIS2-themed book, featuring the ENISA logo and the text: “Turning security measures into clear practical steps. ENISA publishes technical implementation guide.

Supporting NIS2 implementation through actionable guidance

News

The EU Agency for Cybersecurity (ENISA) publishes a technical guideline for the security measures of the NIS2 Implementing Regulation to assist digital infrastructures and managed service providers.

National / EU authorities, Private Sector

Addressing Skills Shortage and Gap Through Higher Education

Publications

In this report, ENISA contributes to both practice and research on the cybersecurity skills shortage and gap in two distinctive areas. Firstly, it provides an overview of the current supply of cybersecurity skills in Europe through an analysis of…

National / EU authorities