FantasticSearch

1. An Interinstitutional Cybersecurity Board (IICB) is hereby established.

2. The IICB shall be responsible for:

(a) monitoring and supporting the implementation of this Regulation by the Union entities;

(b) supervising the implementation of general priorities and objectives by CERT-EU and providing strategic direction to CERT-EU.

3. The IICB shall consist of:

(a) one representative designated by each of the following:

(i) the European Parliament;

(ii) the European Council;

(iii) the Council of the European Union;

(iv) the Commission;

(v) the Court of Justice of the European Union;

(vi) the European Central Bank;

(vii) the Court of Auditors; (viii) the European External Action Service;

(ix) the European Economic and Social Committee;

(x) the European Committee of the Regions;

(xi) the European Investment Bank;

(xii) the European Cybersecurity Industrial, Technology and Research Competence Centre; (xiii) ENISA;

(xiv) the European Data Protection Supervisor (EDPS);

(xv) the European Union Agency for the Space Programme.

(b) three representatives designated by the EU Agencies Network (EUAN) on the basis of a proposal by its ICT Advisory Committee to represent the interests of the bodies, offices and agencies of the Union that run their own ICT environment, other than those referred to in point (a). The Union entities represented on the IICB shall aim to achieve gender balance among the designated representatives.

4. Members of the IICB may be assisted by an alternate. Other representatives of the Union entities referred to in paragraph 3 or of other Union entities may be invited by the Chair to attend IICB meetings without voting power.

5. The Head of CERT-EU and the Chairs of the Cooperation Group, the CSIRTs network and EU-CyCLONe established, respectively, pursuant to Articles 14, 15 and 16 of Directive (EU) 2022/2555, or their alternates, may participate in IICB meetings as observers. In exceptional cases, the IICB may, in accordance with its internal rules of procedure, decide otherwise.

6. The IICB shall adopt its internal rules of procedure.

7. The IICB shall designate a Chair in accordance with its internal rules of procedure, from among its members for a period of three years. The Chair’s alternate shall become a full member of the IICB for the same duration.

8. The IICB shall meet at least three times a year at the initiative of its Chair, at the request of CERT-EU or at the request of any of its members.

9. Each member of the IICB shall have one vote. The IICB’s decisions shall be taken by simple majority except where otherwise provided for in this Regulation. The Chair of the IICB shall not have a vote except in the event of a tied vote, in which case the Chair may cast a deciding vote.

10. The IICB may act by means of a simplified written procedure initiated in accordance with its internal rules of procedure. Under that procedure, the relevant decision shall be deemed to be approved within the timeframe set by the Chair, except where a member objects.

11. The secretariat of the IICB shall be provided by the Commission and shall be accountable to the Chair of the IICB.

12. The representatives nominated by the EUAN shall relay the IICB’s decisions to the members of the EUAN. Any member of the EUAN shall be entitled to raise with those representatives or the Chair of the IICB any matter which it considers should be brought to the IICB’s attention.

13. The IICB may establish an executive committee to assist it in its work, and delegate some of its tasks and powers to it. The IICB shall lay down the rules of procedure of the executive committee, including its tasks and powers, and the terms of office of its members.

14. By 8 January 2025 and on an annual basis thereafter, the IICB shall submit a report to the European Parliament and to the Council detailing progress made with the implementation of this Regulation and specifying in particular the extent of cooperation of CERT-EU with Member State counterparts in each of the Member States. The report shall constitute an input to the biennial report on the state of cybersecurity in the Union adopted pursuant to Article 18 of Directive (EU) 2022/2555.