29 November 2024 - The European Systemic Cyber Incident Coordination Framework (EU-SCICF) is set up in accordance with Article 49(1) of Regulation (EU) 2022/2554 (DORA)
Terms of Reference (ToR) – EU-SCICF Forum
Note: The ToR, approved by the ESAs’ Board of Supervisors, came into effect on 17 Jan 2025.
1. The European Systemic Cyber Incident Coordination Framework (EU-SCICF) is set up in accordance with Article 49(1) of the Regulation on digital operational resilience for the financial sector Regulation (EU) 2022/2554 (hereinafter, DORA) and ESAs Joint Committee (JC) response to the Recommendation of the European Systemic Risk Board of 2 December 2021 on a pan-European systemic cyber incident coordination framework for relevant authorities (ESRB/2021/17).
2. The EU-SCICF framework foresees two modalities of operation,
(1) non-crisis mode (development, maintaining and testing of the framework) and
(2) crisis mode (facilitate the coordination of response of members in case of a systemic cyber incident).
3. The EU-SCICF forum scope of action covers the non-crisis mode. It is set up with the objective to facilitate the operationalisation of an effective EU-level coordination (crisis mode) in the event of a cross-border major ICT-related incident or related threat that could have a systemic impact on the Union’s financial sector.
4. The organisation of the EU-SCICF Forum rests with the ESA Joint Committee.
5. In light of the objective above, the EU-SCICF Forum is tasked to:
a) develop and maintain documents, protocols, procedures, arrangements, taxonomy and plans to support coordination in case of crisis mode, taking into account the existing coordination frameworks and the cyber threat landscape;
b) prepare the set-up of a dedicated ad-hoc group responsible for managing the crisis mode (when activated); and
c) exercise and test the protocols and procedures to ensure continued preparedness in the event of activation of the crisis mode of the EU-SCICF.
6. These tasks will be reflected by the EU-SCICF Forum into an internal annual or multi-annual work plan with activities providing an overview of areas of thematic focus and actions, including on exercise/testing programme. This plan will contribute to the JC work programme.
7. The EU-SCICF Forum includes a summary of its activities to the JC annual report.
8. A webpage with more information on the EU-SCICF shall be maintained as part of the ESAs websites and other materials as appropriate.
17 July 2024 - The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) will establish the EU systemic cyber incident coordination framework (EU-SCICF), in the context of the Digital Operational Resilience Act (DORA).
Over the coming months, the ESAs will kickstart the implementation of the framework by setting up:
- the EU-SCICF Secretariat, supporting the functioning of the framework;
- the EU-SCICF Forum, working on testing and maturing the functioning;
- the EU-SCICF Crisis Coordination, facilitating during a crisis the coordination of actions by the participating authorities.

April 2024 - European Systemic Risk Board (ESRB), Advancing macroprudential tools for cyber resilience – Operational policy tools.
According to the paper, the pan-European systemic cyber incident coordination framework (EU-SCICF) should build on the Digital Operational Resilience Act (DORA) for the financial sector and should complement existing frameworks (e.g. financial and cyber incident) as well as the Network and Information Security (NIS2) Directive and the Resilience of Critical Entities Directive (CER).
January 2022 - European Systemic Risk Board (ESRB), Mitigating Systemic Cyber Risk.
This report identifies the need for the establishment of a pan-European systemic cyber incident coordination framework (EU-SCICF) to mitigate the risk of a coordination failure. The objective behind such a mechanism is to increase the level of preparedness of financial authorities in the EU and to define a coherent and thus more effective response to a cyber incident.
December 2, 2021, European Systemic Risk Board (ESRB), recommendation for the establishment of a pan-European systemic cyber incident coordination framework (EU-SCICF).
EU, Founding agreements
The European Union is based on the rule of law. This means that every action taken by the EU is founded on treaties that have been approved voluntarily and democratically by all EU member countries. For example, if a policy area is not cited in a treaty, the Commission cannot propose a law in that area.
A treaty is a binding agreement between EU member countries. It sets out EU objectives, rules for EU institutions, how decisions are made and the relationship between the EU and its member countries.
Treaties are amended to make the EU more efficient and transparent, to prepare for new member countries and to introduce new areas of cooperation – such as the single currency.
Under the treaties, EU institutions can adopt legislation, which the member countries then implement. The complete texts of treaties, legislation, case law and legislative proposals can be viewed using the EUR-Lex database of EU law.
The European Council
In the Council of the EU, informally also known as the Council, government ministers from each EU country meet to discuss, amend and adopt laws, and coordinate policies. The ministers have the authority to commit their governments to the actions agreed on in the meetings.
The Council of the European Union:
- negotiates and adopts EU laws, together with the European Parliament, based on proposals from the European Commission
- coordinates EU countries' policies
- develops the EU's foreign & security policy, based on European Council guidelines
- concludes agreements between the EU and other countries or international organisations
- adopts the annual EU budget - jointly with the European Parliament
https://www.consilium.europa.eu
The European Commission
The Commission is steered by a group of 27 Commissioners, known as 'the college'. Together they take decisions on the Commission's political and strategic direction.
A new college of Commissioners is appointed every 5 years.
The Commission is organised into policy departments, known as Directorates-General (DGs), which are responsible for different policy areas. DGs develop, implement and manage EU policy, law, and funding programmes. In addition, service departments deal with particular administrative issues. Executive agencies manage programmes set up by the Commission.
The European Parliament
The European Parliament is an important forum for political debate and decision-making at the EU level. The Members of the European Parliament are directly elected by voters in all Member States to represent people’s interests with regard to EU law-making and to make sure other EU institutions are working democratically.
The Parliament acts as a co-legislator, sharing with the Council the power to adopt and amend legislative proposals and to decide on the EU budget. It also supervises the work of the Commission and other EU bodies and cooperates with national parliaments of EU countries to get their input.
https://www.europarl.europa.eu
The Court of Justice of the European Union (CJEU)
Since the establishment of the Court of Justice of the European Union in 1952, its mission has been to ensure that "the law is observed" "in the interpretation and application" of the Treaties.
As part of that mission, the Court of Justice of the European Union:
- reviews the legality of the acts of the institutions of the European Union,
- ensures that the Member States comply with obligations under the Treaties, and
- interprets European Union law at the request of the national courts and tribunals.
The Court thus constitutes the judicial authority of the European Union and, in cooperation with the courts and tribunals of the Member States, it ensures the uniform application and interpretation of EU law.
The Court of Justice of the European Union, which has its seat in Luxembourg, consists of two courts: the Court of Justice and the General Court (created in 1988). The Civil Service Tribunal, established in 2004, ceased to operate on 1 September 2016 after its jurisdiction was transferred to the General Court in the context of the reform of the European Union’s judicial structure.
As each Member State has its own language and specific legal system, the Court of Justice of the European Union is a multilingual institution. Its language arrangements have no equivalent in any other court in the world, since each of the official languages of the European Union can be the language of a case. The Court is required to observe the principle of multilingualism in full, because of the need to communicate with the parties in the language of the proceedings and to ensure that its case-law is disseminated throughout the Member States.
The European Court of Auditors
“The Court of Auditors shall carry out the Union’s audit” (TFEU, Article 285).
The TFEU confers upon the European Court of Auditors the main task of carrying out the Union’s audit with the dual aim of improving financial management and reporting to the citizens of Europe on the use made of public funds by the authorities responsible for their management.
The European Ombudsman
Treaty on the Functioning of the EU, Article 228: "A European Ombudsman, elected by the European Parliament, shall be empowered to receive complaints from any citizen of the Union or any natural or legal person residing or having its registered office in a Member State concerning instances of maladministration in the activities of the Union institutions, bodies, offices or agencies, with the exception of the Court of Justice of the European Union acting in its judicial role. He or she shall examine such complaints and report on them. In accordance with his duties, the Ombudsman shall conduct inquiries for which he finds grounds, either on his own initiative or on the basis of complaints submitted to him direct or through a Member of the European Parliament, except where the alleged facts are or have been the subject of legal proceedings. Where the Ombudsman establishes an instance of maladministration, he shall refer the matter to the institution, body, office or agency concerned, which shall have a period of three months in which to inform him of its views. The Ombudsman shall then forward a report to the European Parliament and the institution, body, office or agency concerned. The person lodging the complaint shall be informed of the outcome of such inquiries."
https://www.ombudsman.europa.eu
The European Central Bank (ECB)
The European Central Bank works to keep prices stable in the euro area. It contributes to the safety and soundness of the European banking system.
The ECB is the central bank of the 19 European Union countries which use the euro.
The first step towards creating the ECB was the decision, taken in 1988, to build an Economic and Monetary Union: free capital movements within Europe, a common monetary authority, and a single monetary policy across the euro area countries.
The European External Action Service (EEAS)
The European External Action Service (EEAS) is the European Union’s diplomatic service. Since 2011, the EEAS has carried out the EU’s Common Foreign and Security Policy to promote peace, prosperity, security, and the interests of Europeans across the globe.
The EU maintains diplomatic relations with nearly all countries in the world and undertakes a range of actions with strategic partners, key international players, and emerging and developing powers.
In an increasingly interconnected world, Europe’s security starts abroad. European citizens expect and deserve to live in a safe and stable environment. In the face of increased global instability, the EU takes more responsibility for its own security and increases its capacity to act autonomously.
The Delegation of the European Union in the United States of America
The European Union is represented in the United States by the Washington, D.C., Delegation, which works in close coordination with the nearby embassies of the EU Member States.
The Delegation promotes EU policies in the United States, which includes presenting and explaining EU actions to the U.S. Administration and Congress. By engaging with political actors, the media, academia, business, and civil society, we raise awareness of EU issues and concerns and promote the importance of the EU-U.S. relationship among the American public.
The Delegation reports on the political, social, and economic situations in the United States to the headquarters in Brussels. Since 1964, the EU has also maintained an office in New York, serving as the EU’s Mission to the United Nations.
https://www.eeas.europa.eu/delegations/united-states-america_en