ENISA is the European Union Agency for Cybersecurity, headquartered in Athens with an additional office in Heraklion, Crete. It was originally established in 2004 as the European Network and Information Security Agency under Regulation (EC) No 460/2004, and was given a permanent mandate and renamed in 2019 under the EU Cybersecurity Act (Regulation (EU) 2019/881).
The agency's core mission is to achieve a high common level of cybersecurity across the EU. Its work spans several areas:
- Policy support: assisting the European Commission and member states in developing and implementing cybersecurity legislation, including the NIS Directive and its successor NIS2 (Directive (EU) 2022/2555).
- Operational cooperation: coordinating the CSIRTs Network of national Computer Security Incident Response Teams and running pan-European exercises such as Cyber Europe.
- Certification: preparing candidate European cybersecurity certification schemes under the Cybersecurity Act, such as the EUCC scheme for ICT products based on Common Criteria.
- Capacity building and awareness: producing the annual ENISA Threat Landscape report, running European Cybersecurity Month, and providing training to national authorities.
- Knowledge and research: publishing guidance on topics ranging from cloud security and 5G to AI, post-quantum cryptography, and supply-chain risk.
ENISA does not have direct enforcement powers over private companies; regulatory action remains with national competent authorities and, increasingly, with the Commission under instruments like the Cyber Resilience Act. Instead, ENISA functions as a center of expertise, convener, and standard-setter.
It is governed by a Management Board comprising representatives of each member state and the Commission, supported by an Executive Board and an Advisory Group of industry and academic stakeholders. The Executive Director leads day-to-day operations. ENISA cooperates closely with bodies such as Europol's EC3, CERT-EU, and the European Data Protection Board, and engages with non-EU partners on international cyber policy.
Example
In 2023, ENISA published its *Threat Landscape 2023* report identifying ransomware and DDoS as the top threats facing EU organizations, drawing on incident data collected from member states.
Frequently asked questions
ENISA is headquartered in Athens, Greece, with an additional operational office in Heraklion on the island of Crete.
Keep learning