To date, the European Union has developed a series of instruments for the protection of electronic communications networks, including the Network and Information System Security Directive (NIS Directive), the EU's Cyber Security Act and the New Telecom Rules.
The NIS Directive introduced new mechanisms for EU-level cooperation, measures to increase national capabilities, and obligations for key service providers and digital service providers to introduce risk management practices and report significant incidents to national bodies.
The Cyber Security Act introduces, for the first time, EU-wide rules for the certification of products, processes and services. In addition, it establishes a new permanent mandate for the EU Agency for Cybersecurity (ENISA), which is allocated more resources to achieve its goals. Cyber security certification plays an important role because it strengthens the reliability and security of products, services and processes that are crucial to the undisturbed functioning of the single digital market. Given the wide diversity and numerous uses of ICT products, services and processes, the European framework for cyber security enables the creation of tailor-made EU certification programs that take risks into account. Specifically, each European program should include: a) the categories of products and services involved, b) the cyber security requirements, for example by referring to standards or technical specifications, c) the type of evaluation (e.g. self-assessment or third-party evaluation) and d) the foreseen level of guarantee (e.g. basic, significant and/or high level).
Member states are responsible for maintaining the integrity and security of public communications networks and must ensure that operators take technical and organizational measures to adequately manage risks to network and service security. These regulations confer powers on the competent state regulatory bodies, e.g. to issue binding instructions and ensure that they are respected. In addition, member states may attach conditions to operators' general authorizations concerning the security of public networks against unauthorized access, in order to protect the confidentiality of communications.