No results...

Study to support the evaluation of the European Union Agency for Cybersecurity (ENISA) and the European Cybersecurity Certification Framework according to Regulation (EU) 2019/881

The purpose of this evaluation was to assist the Commission in providing a comprehensive evaluation of European Union Agency for Cybersecurity (ENISA), delivering evidence-informed conclusions and recommendations regarding the Agency's performance, the Cybersecurity Certification Framework, and the potential need for altering the current Regulation.

Broadly, the objectives of the evaluation can be grouped into two primary sections:

  • Objective A: The comprehensive evaluation of ENISA's performance, encompassing an assessment of its effectiveness, efficiency, coherence, relevance and added value within the EU, considering its performance, governance, organisational structure, and working practices.
  • Objective B: An evaluation of the European Cybersecurity Certification Framework, focusing on its impact, effectiveness, and efficiency.

The evaluation involved a mix of qualitative and quantitative methods. We conducted desk research (a literature and documentary review, an analysis of monitoring and administrative data and case studies on selected focus areas), stakeholder consultations (interviews and surveys), qualitative content analysis and workshops.

Challenges

  • New and evolving field of cybersecurity.
  • Complex structure of the project (with a total of seven tasks).
  • Possibility of biased opinions and perceptions during consultation activities
  • High interest from industry stakeholders with different agenda

Opportunities

  • Further strengthening our presence in the strategic market of DG CNECT (digital policy)
  • Further consolidating the position of PPMI in the field of evaluating the performance of EU decentralised agencies
  • Opportunity to gain knowledge in the growing field of cybersecurity and to contribute to information security within the EU