You can see my presentation.
Yes. I can see it. I can see
You as, yeah, I would really, you know, of course the area is quite vast. Time is limited. So what I will do, I will just really touch some points and in any case would be happy to share the presentations with, with all the participants.
So I, I think this, this gives you a sort of some sort of pointers to different elements of our policies and financial instruments, and I will focus on some of them. So this, this gives you a little bit of a background of how we have been developing, you know, EU policy.
Again, I wouldn't say the obvious, you know, of course we deal with this at E level, given the border legislation and nature of cyber of cybersecurity threats and the need, obviously for, for E level and also international corporation, an important, you know, point was indeed the first cybersecurity strategy you have had, you know, NAS directive adopted four years ago, cybersecurity package.
And of course now most recently work also in the context of the crisis on, on, on, on, on, let's say cybersecurity dimension of COVID crisis, as well as on 5g toolbox, perhaps I would like spend few moments on the NAS directive, which is, let's say baseline cybersecurity legislation in Europe, which we are now in the process of reviewing. That basically means by the end of the year, our intention is to present an updated cybersecurity strategy and, and a new NIS building on what we have, what we have done so far.
The current structure of the legal instrument is basically, you know, making sure that we have minimum level of capability set member states level, that we actually have ways to cooperate effectively across Europe. And we put obligations on a rather limited set of companies, which are particularly critical for the society and the economy from the point of view of them taking on the one hand security measures, managing cyber security risk at the level of the company, and also importing notifying important cybersecurity incidents.
This are the areas of evaluation of the current directive.
When we look into this different different aspects. And now, you know, we are at a stage when indeed, you know, this are, let's say what are in our perspective, the main objectives we feel that, you know, the, and this is also related to, of course our collective experience of COVID, you know, the degree of our dependence on digital surpassed, I would say our, you know, expectations. And that is also the reason why we believe a larger part of economy and society should be covered in this instrument.
We need to actually also make, bring more alignments, you know, so that it's easier for the companies to, to, to actually implement those obligations. And we also see that there is more to do in terms of E level cooperation, crisis management. So these are basically, you know, some of this, let's say key key elements of this, of this, of this review.
And we basically expect, you know, that, that way, you know, having, we would be able to better, better basically taking into account the, the, the current current challenges.
You know, one of, I think good examples where we are reflecting on is how, for example, to, to, to, to highlight the importance of, of the supply chain security and supply relationships that are really critical. If you think about the overall cybersecurity posture, the second element that I wanted to bring to you is, is actually the issue of, you know, of, of, of, of telecom security and, and, and 5g. This has been a sector that has been in a way, a pioneer, you know, in this domain, given of course the, I would say high digital intensity of the telecom sector.
And here you see different types of measures we want to, to take in relation to, to, to, to, to the sector.
And it's possible inclusion also in the scope of the, of the NIS. And this is also I think, a very good occasion to, to tell you a bit more about the EU toolbox on 5g, cybersecurity, 5g security of 5g networks, which are going to lets say to be the backbone for the next generation of, of, of services, you know, for autonomous driving, you know, remote surgical, remote surgeries, we will be in a completely different ball game.
That's why the security of those networks is, is of actually critical importance. You have seen how much this also became part of your political tension commission has adopted recommendation on cybersecurity of 5g networks in March last year. It has been unprecedented joint effort with member states of carrying out national risk assessment and finally arriving at the Ted risk assessment.
And in January of this year, you know, the toolbox of mitigation measures was adopted, which I think is a very interesting example of which shows that in an area, which is sensitive, which is also across, across national security member states see the benefit of working together together in Europe.
And you, you, you see here, you know, further steps that have been taken by member states in order, you know, to, to take practical measures, to mitigate the risk.
You know, one issue that has been of course, very widely debated is, is the question of, you know, diversification of suppliers and specifically the assessment of risk related to the vendors of 5g equipment. So here we have some more elements that we expect that basically we'll take the stock of that work. And we'll reflect this also in the upcoming updated cybersecurity strategy, another important feature of new policies in the area of cyber securities.
Our, I would say strategic objective of making sure that products in the market are generally cyber secure. I think this is still, it feels still like a new area, which has not been really regulated. And the inclusion of certification, which is well known from other policy fields was seen as a, as an important step forward certification is ultimately about giving a user, giving a consumer certain degree of assurance that the product has feature it claims to have.
And that is in a way the, the, the basis it is never of course, an absolute guarantee of security, but it is an important indication of, of, of, of the work that has been devoted to, to, to first of all, embedding certain cybersecurity features and then testing them through independent evaluation.
So we in cybersecurity act that was adopted last year, we have created European cybersecurity certification framework, which by, I mean, which as a starting point remains voluntary, which would be composed of value schemes, catering, different categories of product and services that were wherever possible would be based on international standards. And that, you know, would be managed in a way that would allow for taking to account of various specific interests.
As you see, sorry, as you see the process is relatively complex, but, but it is a reflection of the fact that we need to balance the, you know, the, the, the views of, of, of member states, the views of the users of providers, of cybersecurity, product and solutions. And this is basically an ecosystem which we have created a Nissan European cybersecurity agency is playing a key role in leading the technical work on preparation of the so-called candidate schemes.
Once candidate schemes are being concluded, you know, they're turned into a low and adopted by the commissioners implemented regulations. We have now most advanced work on a first scheme, which will be based on common criteria, so-called common criteria, which is international system.
And, and it would not have recover products, for example, such as smart cards.
So this is the current state of play.
We also, at the end of the year, we will be presenting, you know, let's say the strategic vision for the development of the certification system, which is the union running work program on cybersecurity certification. Now the initiative that is very important, and it's also corresponds to the wider objectives of promoting, let's say technological autonomy of Europe is the creation of European cybersecurity competence center and the network of national coordination centers. It's a proposal that commission has made back in 2000, 2018. We are now at the final stage of the negotiation process.
We parliament it with the member states. The idea behind is actually pulled together, you know, the, the expertise, the research communities, and most importantly, the funding at European level, from different instruments, so that we can actually get the effect of, of the scale and actually ultimately be able to sustain and support, you know, a competitive cybersecurity state of the art industry in Europe.
So here you see some specific examples of what the competence center will will do.
As I said, it is not just about the, let's say one center in Europe, but it is about the whole network and community of, of, of those involved in development of cybersecurity products. Here is a quick, let's say information about privacy, but again, in the interest of time, I will, I will drop it. And perhaps given, you know, the time I would like just simply like make a, sort of a summary of what are our priorities for this year and clearly for the next year.
So this would be a conclusion of the negotiation on the competent center and, and, you know, hopefully it would, we would building it as of next year, so that it's ready to implement, you know, the, the new EU budget, notably the new program, which is called digital Europe program, which is where there is a significant portion devoted to cybersecurity.
We will have an updated cybersecurity strategy that would be adopted at the end of the year. We will also make announcements about division for the joints unit.
That was the idea of bring together different cybersecurity communities for a more effective EU level information sharing and response. So this was part of the political guidelines of the commission president or lion announced last year. And I think now, you know, we have been had, we have had discussions with members state, and we will be presenting divisions of how such a joint cyber unit could work, work like security of 5g networks indeed, as I said, is critical. So it's a further implementation of the measures that have been agreed use of mobile apps and data to combat COVID 19.
Yeah, this is very, very topical per per se. It is not about cybersecurity, but this project would only succeed.
If citizens would have a, a trust that privacy and cybersecurity of using their data is fully insured. So this is why we give a lot of attention to this.
And last but not least, you know what I've said in the beginning review of the nice directive, which we hope to put on the table as a part of the package by the end of the year, and basically start negotiations on this instrument, you know, in the beginning of next year, under the portugese presidency, I have presented to you what EU does at European level.
But I think it's extremely important that we always see this as complimentary action, which is of course built on not only what member states are doing, but actually what today in today's modern world, every organization is and should be doing. You know, that is to take cybersecurity as a core business, you know, as a task that requires serious attention from a, from a, from a board level that requires serious investment. Because if not basically, you know, the, the, the, the, the essence of, of our business operations of the services to the society, you know, is, is, is at risk.
So that's why we have to be, we have to see really as a, as a big collective effort where actions at European level can support, you know, the, the, the activities of the others. So thank you very much.
I, I will stop here and I dunno if you have any time for questions, I would be happy to take some, some of those.
