The six-months-long Czech Presidency of the Council of the European Union (CZ PRES) has finished. While it was historically the second presidency for the Czech Republic, for the National Cyber and Information Security Agency (NÚKIB) as the central administrative body for cyber security, it was a premiere, due to its establishment only 5 years ago. However, it was a successful one. We managed to lead several working groups in the Council and outside of it, successfully organized a wide range of meetings, conferences, seminars and we have also fulfilled all three defined priorities for CZ PRES:
- reaching consensus across all Member States on a proposal for a Regulation of the European Parliament and of the Council of the EU setting out measures to ensure a high common level of cybersecurity in EU institutions, bodies and agencies,
- advancing negotiations on the draft of the Cyber Resilience Act (CRA),
- enhancing and reinforcing the topic of supply chain cybersecurity in information and communication technologies (ICT).
Although NÚKIB had already been working on these issues before the Presidency, which we intend to continue to do in the future, CZ PRES has offered us a unique opportunity to take the lead and to move forward with our priorities. In this spirit, Lukáš Kintr, the Director of NÚKIB, expressed himself at the NIS Cooperation Group Meeting in September: "We will do our very best to move the cybersecurity agenda forward and thus significantly strengthen the resilience of the European Union as a whole." The fulfilment of all three priorities of NÚKIB has helped to achieve the Czech Republic's cybersecurity objectives set for CZ PRES and to build a substantial basis for further direction of the Czech Republic, as well as of the Union as a whole. We have therefore succeeded in fulfilling the goals we had set for the Presidency.
What exactly did we achieve? In October, the Council of the EU adopted conclusions on ICT supply chain cybersecurity, which highlighted the importance of joint action in addressing this issue, and outlined concrete steps and initiatives needed to strengthen this area across all EU Member States. This should eventually lead to reducing the impact of risky suppliers on the most important national information infrastructures. NÚKIB is already finalising the legislation draft that will reflect this objective and enhance the Czech Republic's cyber security.
Another priority set for CZ PRES was fulfilled in November, when the Council of the EU approved a general approach and thus expressed a unified position of all 27 Member States on the regulation draft on cybersecurity of the Union's institutions, bodies, offices and agencies. This regulation intends to enhance and fill the gaps in the current unsatisfactory state, where there are no common rules between EU entities and large differences in their levels of cybersecurity. The general approach was negotiated in a working party chaired by NÚKIB.
Last but not least, our priority was to start the debate on the Cyber Resilience Act, which sets out rules for the placing of products with digital elements on the European market. The aim of the CRA is to ensure the cybersecurity of these products throughout their lifecycle and to improve the awareness of their users. Following a readthrough of the proposal, the first revision of the text focused on the scope of the regulation was also prepared during CZ PRES and a progress report written by our Agency was approved. It will now be up to our Swedish colleagues to take the next steps necessary for adoption of this regulation.
Within the framework of CZ PRES, NÚKIB has organised approximately sixteen international events in Brno, Prague and Brussels, which were attended physically or virtually by hundreds of people. One of these events was the first informal reception of delegates of the EU’s Horizontal Working Party on Cyber Issues and NATO’s Cyber Defence Committee. The aim behind it was to strengthen cooperation between the EU and NATO, which was also one of the main priorities of the Czech Republic during the Presidency. It was the first ever meeting of this format, therefore we had successfully started a tradition in which the upcoming Presidencies intend to continue. However, without a doubt, the biggest and most important event was the high-level Prague Cyber Security Conference held on 3 November 2022, which was attended by over 500 cyber security experts from more than 80 countries, EU and NATO.
The aim of all activities was not only to exchange practical experience, but also to deepen mutual cooperation of all like-minded partners. The common goal has always been and always will be the strengthening of the EU’s security, to which we had, at least in the cyber area, significantly contributed by fulfilling the set priorities.