This ENISA publication outlines the high-level technical competence requirements for Conformity Assessment Bodies (CABs) seeking designation as Notified Bodies under the EU Cyber Resilience Act (CRA). The document focuses on the knowledge, experience, training, and auditing capabilities required for personnel involved in evaluating the cybersecurity conformity of products. It provides guidance for developing qualified assessment teams and supports the consistent implementation of CRA certification and conformity assessment processes across the European Union.
Operational and Compliance Training
Access a wealth of resources including articles, whitepapers, tools, and guides to support your learning.
Category
Type
More
Difficulty Level
- Risk Management
ENISA NIS360: Maturity and Criticality Assessment of NIS2 Sectors
- Published date:
- Author: European Union Agency for Cybersecurity (ENISA)
The ENISA NIS360 is an assessment framework that evaluates the maturity and criticality of sectors covered by the NIS2 Directive. Drawing on data from national authorities, organisations operating in critical sectors, and EU-level sources, the tool provides both a comparative overview and detailed sector-specific analysis. It helps Member States, regulators, and stakeholders identify cybersecurity capability gaps, benchmark sector readiness, and prioritise investments and resources to strengthen cyber resilience across critical sectors.
- Compliance Standards
EU AI Act Service Desk and Single Information Platform
- Published date:
- Author: European Commission
The EU AI Act Service Desk and Single Information Platform provide practical tools and guidance to help organisations understand and comply with the European Union AI Act. The platform includes the AI Act Explorer, Compliance Checker, implementation guidance, FAQs, and support services designed to assist stakeholders in assessing obligations related to trustworthy and high-risk AI systems. It supports startups, SMEs, developers, and deployers in navigating AI governance, compliance, and risk management requirements across the EU.
- Compliance Standards
Guidelines for Providers and Deployers of High-Risk AI Systems under the EU AI Act
- Published date:
- Author: European Commission
These European Commission guidelines support providers and deployers in understanding and classifying high-risk AI systems under the EU AI Act. The document explains key obligations, risk categories, and practical implementation considerations, including examples across sectors such as biometrics, critical infrastructure, education, employment, and migration. The guidelines aim to facilitate compliance, improve trustworthy AI deployment, and support the secure and responsible use of AI systems across the European Union.
- Compliance Standards
ENISA National Cyber Security Strategies Interactive Map
- Published date:
- Author: European Union Agency for Cybersecurity (ENISA)
This interactive tool by ENISA provides a comprehensive overview of national cybersecurity strategies across EU Member States and selected European countries. Users can explore each country’s strategic priorities, implementation status, key organisations, and supporting initiatives such as ISACs, R&D activities, and public-private partnerships. The platform supports policy awareness, benchmarking, and the exchange of best practices across Europe.
- Compliance Standards
EU AI Act: Cybersecurity, Risk Management and Trustworthy AI Governance Framework
- Published date:
- Author: European Parliament & Council of the European Union
The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) establishes a risk-based framework for the secure and trustworthy development, deployment, and use of AI systems across the European Union. From a cybersecurity perspective, the regulation introduces strict requirements for high-risk AI systems, including risk management, robustness, resilience against attacks, and protection against data manipulation and system vulnerabilities. It also sets obligations for general-purpose AI models to address systemic risks, enhance transparency, and ensure secure lifecycle management. By integrating cybersecurity into AI governance—alongside compliance, monitoring, and incident response—the AI Act strengthens the resilience of digital systems and mitigates emerging threats associated with AI technologies.
- Compliance Standards
ECSO Reaction to the Cybersecurity Act Revision and NIS2 Directive Amendments
- Published date:
- Author: European Cyber Security Organisation (ECSO)
This ECSO publication provides a policy analysis of the proposed revision of the Cybersecurity Act and amendments to the NIS2 Directive. It highlights key priorities for strengthening the EU cybersecurity framework, including the need for harmonised baseline security requirements, proportionate implementation based on organisational size and risk, and improved coordination among Member States. Drawing on stakeholder consultations, the report offers recommendations to enhance legal clarity, reduce fragmentation, and support effective governance across the European cybersecurity landscape.
- Compliance Standards
Actions Beyond Words: Automating Audits for Streamlined Cybersecurity Compliance in Europe
- Published date:
- Author: ECSO (European Cyber Security Organisation)
This ECSO publication explores how the Open Security Controls Assessment Language (OSCAL) could support the automation and standardisation of cybersecurity compliance processes across Europe. Set against the growing complexity of EU cybersecurity legislation, it examines how machine-readable control frameworks and OSCAL-based governance, risk, and compliance tools can enable faster assessments, continuous monitoring, and more efficient audits. The document also outlines the conditions needed for broader adoption, including pilot testing, institutional support, and alignment across national authorities and supply chains.
- Compliance Standards
NIS2 Implementation – Challenges, Fragmentation and Readiness Across the EU
- Published date:
- Author: European Cyber Security Organisation
This white paper provides a comprehensive analysis of the current state of NIS2 implementation across EU Member States and affected organisations. Drawing on a Europe-wide survey of cybersecurity practitioners and sectoral case studies, it highlights fragmentation in national transpositions, inconsistencies in incident reporting timelines and classification approaches, and significant gaps in budget allocation and management engagement. The report offers actionable recommendations to support harmonised implementation and strengthen organisational readiness under the NIS2 Directive.
- Risk Management
Protecting Data from Ransomware and Data Loss (NIST NCCoE, 2020)
- Published date:
- Author: National Institute of Standards and Technology
This NIST NCCoE guide provides practical recommendations to help Managed Service Providers (MSPs) design, maintain, and test backup files to reduce the impact of ransomware and other data loss events (e.g., hardware failure, accidental or malicious deletion). It supports implementation of the NIST Cybersecurity Framework subcategory PR.IP-4 by outlining considerations for backup planning, selecting backup services/products, ensuring backup availability and integrity, and strengthening disaster recovery readiness. The guidance is adaptable—MSPs can apply only the recommendations relevant to their operational context.