Cover Image

Technical guideline on incident reporting under the EECC

In December 2018, the new set of telecom rules called the European Electronic Communications Code (abbreviated as EECC) was published and it entered into force. The EECC updates the EU telecom package of 2009 and paves the way for the roll out of fibre, very high capacity networks and next generation mobile networks (5G). EU countries have to transpose this EU directive into national law by the end of 2020. An important part of the EECC is consumer protection and security of electronic communications. More services are in scope and the terms security and security incidents are now defined. Article 40 of the EECC contain detailed security requirements for electronic communication providers and article 41 empowers the competent authority with respect to the implementation and enforcement of these requirements. More specifically, Article 40 requires that providers of public electronic communications networks or services manage security risks posed to the security of networks and services and take security measures including encryption where appropriate. It also requires providers to report about significant incidents to competent national authorities, who should report about these security incidents to ENISA and the European Commission (EC) annually. This document describes the formats and procedures for cross border reporting and annual summary reporting under Article 40 of the EECC. Paragraph 2 of Article 40 describes three types of incident reporting: 1) National incident reporting from providers to CAs, 2) Ad-hoc incident reporting between CAs and ENISA, and 3) Annual summary reporting from CAs to the EC and ENISA. The focus of this guideline is on the 2nd and 3rd type of reporting: ad-hoc reporting and annual summary reporting. Article 40 and 41 of the EECC replace Article 13a and b of the Telecoms Framework directive. This document replaces the Article 13a incident reporting guideline that was developed by the ECASEC group (formerly the Article 13a Expert Group), under the old legal framework. The ECASEC Expert Group is a group of competent authorities on telecom security, set up in 2010 to develop a common EU-wide approach to the implementation of Article 13a.
Year of publication:
[2021]
Other Persons: Dekker, Marnix (contributor) ; Vytogianni, Eleni (contributor)
Institutions: European Union Agency for Cybersecurity (issuing body)
Publisher: Heraklion : ENISA_2
Extent:
1 Online-Ressource (30 p.)
Illustrationen (farbig)
Type of publication: Book / Working Paper
Language: English
Notes:
March 2021
ISBN: 978-92-9204-471-8
Other identifiers:
10.2824/633879 [DOI]
Source:
ECONIS - Online Catalogue of the ZBW
Persistent link: https://www.econbiz.de/10015281347
Similar items by person