The European Cybersecurity Competence Centre (ECCC), together with the Network of National Coordination Centres (NCCs), is Europe’s new framework to support innovation and industrial policy in cybersecurity. This ecosystem will strengthen the capacities of the cybersecurity technology Community, shield our economy and society from cyberattacks, maintain research excellence and reinforce the competitiveness of EU industry in this field.
The ECCC, which will be located in Bucharest, will develop and implement, with Member States, industry and the cybersecurity technology Community, a common agenda for technology development and for its wide deployment in areas of public interest and in businesses, in particular SMEs.
The Centre and the Network together will enhance our technological sovereignty through joint investment in strategic cybersecurity projects.
The Centre and the Network will make strategic investment decisions and pool resources from the EU, its Member States and, indirectly, the industry to improve and strengthen technology and industrial cybersecurity capacities, enhancing the EU’s open strategic autonomy. The Centre will play a key role in delivering on the ambitious cybersecurity objectives of the Digital Europe Programme and Horizon Europe programmes.
The Centre together with the Network will support the deployment of innovative cybersecurity solutions. It will also facilitate collaboration and the sharing of expertise and capacities among all relevant stakeholders, in particular research and industrial communities, as well as public authorities, in the Community.
Regulation establishing the ECCC
On 8 June 2021, the Regulation establishing the European Cybersecurity Competence Centre and Network was published.
During the negotiations that led to the adoption of the Regulation, the EU co-legislators (the European Parliament and the Council) agreed in particular on a co-financing approach by which Member States commit to contributing to the work of the Centre and the Network, while keeping individual Member States’ contributions voluntary.
The co-legislators also agreed on the distribution of voting rights between Member States and the Union in the Centre’s Governing Board, giving the Union particular voting powers on decisions affecting the EU budget.
The ECCC is a new EU body established under articles 173(3) and 188(1) of the Treaty on the Functioning of the European Union (TFEU).
The ECCC is currently being set up. The Commission will ensure the functioning of the ECCC until this new EU body can operate autonomously.
The ECCC administrative and governance structure includes:
- A Governing Board which provides strategic orientation and oversees ECCC activities.
- An Executive Director who is the ECCC’s legal representative and is responsible for its day-to-day management.
- A Strategic Advisory Group that ensures a comprehensive, ongoing and permanent dialogue between the Community and the Competence Centre.
The ECCC will closely cooperate with the Network of National Coordination Centres (NCCs), one per Member State, which support the cybersecurity Community at national level and under certain conditions can pass on EU funding.
Composition and operation of the Governing Board
- Members of the Governing Board: One representative from each Member State and two representatives from the Commission (and an alternate for each representative), with cybersecurity knowledge and managerial skills; renewable term of four years
- Observers, including ENISA as permanent observer, and other observers on an ad-hoc basis
- A Chairperson and a Deputy Chairperson elected among the members of the Governing Board for three years, once renewable.
- The Executive Director will take part in the meetings of the Governing Board but shall have no right to vote
- In principle, all decisions are taken by consensus among the members of the Governing Board.
- Where decisions cannot be taken by consensus, decisions shall be taken by a majority of at least 75% of all votes, with every Member State and the Commission having one vote. For decisions concerning the description of “joint actions” and the conditions of their implementation, the vote is proportional to the financial contributions of the members participating in the action.
- The Union holds 26% voting rights for decisions affecting the EU budget.
Key functions of the Governing Board
- To provide strategic orientations and oversee the Centre’s activities
- To adopt the work programme, annual budget, consolidated annual activity report
- To adopt the financial rules, the anti-fraud strategy, rules for the prevention and management of conflicts of interest, communication policy
- To set up working groups within the Community
- To appoint the Executive Director and the Accounting Officer
- To appoint the members of the Strategic Advisory Group
- Responsible for the day-to-day management of the Centre
- Responsible for the implementation of the tasks assigned to the Centre by the Regulation
- Assists and supports the Governing Board on behalf of the staff of the ECCC
- Prepares and implements the work programme and reports to the Governing Board
National Coordination Centres (NCCs)
- One NCC from each Member State
- Nominated by Member States and notified to the Commission
- Possess or have access to research and technological expertise in cybersecurity
- Key function: national capacity building, and link with existing initiatives and national cyber community
- Can effectively engage and coordinate with industry, academia and research community, citizens, and the public sector and authorities under NIS
- Can receive direct EU grants
- Can provide financial support to third parties
Strategic Advisory Group
- Composition: 20 members appointed by the Governing Board from among the representatives of the entities of the cyber Community
- Expertise in cybersecurity research, industrial development, professional services or products
- Two-year term, once renewable
- Meets at least three times per year
- Advises the Governing Board on establishing working groups
- Organises public consultations to collect input that it provides to the Executive Director and the Governing Board with regard to the agenda, the annual work programme and the multi-annual work programme