New steps for improving the EU Civil Protection Mechanism

On 26 March 2020, the European Council discussed the EU's response to the COVID-19 pandemic. It subsequently invited the European Commission to make proposals to establish “a more ambitious and wide-ranging crisis management system” in the EU. With this in mind, the Commission proposed, within less than two months, amending the Union Civil Protection Mechanism (UCPM). The overall aim of this legislative proposal is to ensure that the EU can provide its citizens in Europe and beyond with better crisis and emergency support. 

The Commission’s proposal boosts the UCPM budget capacities from €1.4 billion to €3.5 billion for 2021-2027 to help the mechanism take on new responsibilities, such as creating strategic reserves of medical equipment, developing medical evacuation capacities, or forming emergency medical teams.

According to an Opinion published on October 2, by the European Court of Auditors, the recent proposal on amending the EU's 'Union civil protection mechanism' (UCPM) needs further clarification. In particular, it remains to be decided how its increased resources will be used and monitored. While speeding up the EU's response to crises is essential, the principles of sound financial management and accountability need to prevail, the auditors warned. 

First, this would require a proper needs assessment. There is very little evidence in the proposal of the need for this €2 billion budget increase, as it does not provide any estimate of the costs associated with those new tasks. This makes it impossible to determine whether the proposed budget is appropriate for achieving the intended objectives. 

Furthermore, some of the new objectives proposed lack any corresponding performance indicators or specific monitoring. The proposal no longer guarantees a minimum share of spending for each of the three key strategic pillars of the EU’s crisis response strategy (prevention, preparedness and response). The auditors therefore consider it would be helpful to include a mechanism for reporting the UCPM’s actual spending for each of these pillars. 

Commission starts testing interoperability for contact tracing apps

To exploit fully the potential of mobile proximity contact tracing and warning apps to break the chain of coronavirus infections and save lives, the Commission is setting up an interoperability gateway service linking national apps across the EU. On September 14, an important milestone has been reached as a group of Member States started testing the infrastructure. The Commission has kicked off test runs between the backend servers of the official apps from the Czech Republic, Denmark, Germany, Ireland, Italy and Latvia, and a newly established gateway server.

On May 7, PSCE delivered a webinar focused on this topic, where it explored the potential that mobile apps have to enhance contact tracing strategies to contain and reverse the spread of COVID-19. The virtual event featured Mr Peter Eberl Deputy Head of Cybersecurity and Digital Privacy Unit in DG CNECT, who delivered an introduction on the EU guidance.

Thierry Breton, Commissioner for Single Market, said: “Many Member States have implemented national contact tracing and warning applications. It is now time to make them interact with each other. Travel and personal exchange are the core of the European project and the Single Market. The gateway will facilitate this in these times of pandemic and will save lives.”

EU countries test their ability to cooperate in the event of cyber attacks

On September 29, EU Member States, the EU Agency for Cybersecurity (ENISA) and the European Commission (EC) met to test and assess their capacity to respond to a cybersecurity crisis. 

Known as Blue OLEx 2020, the exercise, the second of its kind, was organised by the Netherlands, with ENISA’s support, as a key stepping stone towards a finalised set of standardised operating procedures (SOPs). The procedures are being developed within the framework of the NIS Cooperation Group, led by France and Italy. The intention is to achieve a more coordinated information-sharing and incident response mechanism among EU cybersecurity authorities. The NIS Cooperation Group was established under the 2016 Directive on security of network and information systems — the NIS Directive. 

CyCLONe, the cooperation network

On September 29, EU countries, with the support of ENISA, launched the Cyber Crisis Liaison Organisation Network (CyCLONe) to help ensure a coordinated response should disruptive cyber incidents occur. Overall, the CyCLONe addresses the need for strengthened cooperation during major cyber-related crises. These measures include common situation awareness, coordinated responses plus public information.

Juhan Lepassaar, Executive Director of ENISA, summed up the overall approach: “Cyber crises have no borders. The EU Agency for Cybersecurity is committed to support the Union in its response to cyber incidents. It is important that the national cybersecurity agencies come together to coordinate decision-making at all levels. The CyCLONe group addresses this missing link.” 

“The new Cyber Crisis Liaison Organisation Network indicates once again the excellent cooperation between Member States and EU institutions in ensuring that our networks and critical systems are cyber secure,” Thierry Breton, Commissioner for the Internal Market, stated. He noted that cybersecurity is a shared responsibility that requires “we work collectively in preparing and implementing rapid emergency response plans.” 

The CyCLONe Network will ensure that information flows more efficiently between different cybersecurity structures enabling Member States to better coordinate national response strategies and impact assessments. Yesterday’s exercise was a follow-up to the Commission’s recommendation in its “Coordinated Response to Large Scale Cybersecurity Incidents and Crises”, the blueprint adopted in 2017. 

The EU Cybersecurity Act

On 27 June 2019, the EU Cybersecurity Act entered into force, revamping and strengthening ENISA’s role. This set the cybersecurity agency on a new course, giving it a permanent mandate along with increased responsibilities and resources. A key outcome of this was the European cybersecurity certification framework, which established the governance and rules for EU-wide certification of ICT products, processes and services.

State of the union 2020

On September 16th 2020, European Commission Ursula Von Leyen presented the commission’s vision for the future. Under the “NextGenerationEU” program, she emphasised the necessity from Europe to become increasingly green, digital and resilient.  The discourse insisted on the complexity of the current situation caused by the spread of the COVID-19 pandemic, which Ms Van Der Leyen states “is not over. And the recovery is still in its early stage.” 

Amongst the initial points raised, it is stated that the EU needs to strengthen its crisis preparedness and management of cross-border health threats. Security was high on the agenda and protecting the lives and livelihoods of European citizens is perceived as a key priority.

Furthermore, Ms Von Der Leyen insisted on the necessity to shift to a greener Europe. Concretely, this means that 37% of the overall 750 Billion€ NextGenerationEU budget would be allocated to reaching Green Deal objectives. By 2030 the EU pledges to reduce its emissions by 55% and become the first climate-neutral continent by 2050.

In addition, was emphasised the need for a common plan for digital Europe with clearly defined goals for 2030, such as for connectivity, skills and digital public services. These developements should be based on clear principles: the right to privacy and connectivity, freedom of speech, free flow of data and cybersecurity.

The discourse also mentioned the establishment of common data spaces - for example, in the energy or healthcare sectors. This will support innovation ecosystems in which universities, companies and researchers can access and collaborate on data. This will take form as a European Data cloud which will be created.

Finally, the discourse emphasised the importance of investing in new technologies, namely Artificial Intelligence. It was noted that this progress should be based on clear regulations regarding how AI data is collected, processed and stored.

 The full "State of the Union 2020" document is available here.

Webinar: "Empowering Vertical Industries through 5G Networks – The 5G PPP experience"

On September the 9th, from 11:00 – 11:30 CET, the 5G Public Private Partnership (5G PPP) and the 5G Infrastructure Association (5G IA) will co-organize a webinar to present the key findings of the latest White Paper on “Empowering Vertical Industries through 5G Networks – Current Status and Future Trends”. The webinar will feature Mr. Bernard Barani, Deputy Head of Unit at DG CONNECT, European Commission, as well as different voices within the telecommunications industry - NOKIA, Telecom Italia, Telenor. PSCE is pleased to have contributed to the White Paper, under “Indicative Use Cases for the Vertical Sectors” with regards to Public Safety.

Within the 2025-30 timeframe, European countries will begin to deploy mission critical mobile broadband technology, allowing for greater capacity for information exchange, improved situational awareness and especially enabling improved cross border collaboration. Approximately 3.5 million first responders in Europe will be presented with new secure and reliable broadband devices that they can carry and use anywhere in Europe. The lower cost of this new technology compared to existing and costly narrowband technologies is expected to increase this volume 2-3-fold, also allowing additional supporting staff to join these mission critical mobile networks.

Read the full White Paper here:

Agenda and Registration for the Webinar on September 9th: