The EU Agency for Cybersecurity has issued an opinion paper on how to safeguard the electoral process.
Background: The European Agency for Network and Information Security (ENISA) has recently gained stronger powers due to reforms of the EU cybersecurity framework. It will now be a permanent agency, and have stronger powers of international coordination across member states.
What ENISA recommends: The agency has witnessed the compromising of election campaigns due to data leaks. Its paper carries 12 recommendations, such as: going beyond self-regulation for platforms, and developing a European framework; legal obligations to classify election systems as “critical infrastructure” so that they would fall under the scope of the Network and Information Security Directive; obliging political organisations to deploy a high level of cybersecurity in their systems, and requiring political parties to have an ‘incident response plan’ in place against data leaks; national legislation to tackle ‘the challenges associated with online disinformation’.
What this means in practice: European elections are imminent (May 2019) so we should not expect any institution to finalise any legislation ahead of them. However, the recommendations add up to the pressure to monitor and regulate platforms’ activities: after data protection and antitrust authorities, cybersecurity watchdogs are starting to weigh in.