Dutch Member of the European Parliament Marietje Schaake has referred to the Global Commission on the Stability of Cyberspace (GCSC) in two resolutions currently before committee in the European Parliament.
In the motion for a resolution on “Cyber Defense” before the Committee on Foreign Affairs (AFET), Schaake introduced a number of proposed amendments that align with the mission of the GCSC, and mentioned the commission by name in two of them.
Amendment 2 of the draft report proposes:
“having regard to the work of the Global Commission on the Stability of Cyberspace,”
and Amendment 14:
“supports […] the work of the Global Commission on the Stability of Cyberspace to develop proposals for norms and policies to enhance international security and stability, and guide responsible state and non-state behavior in cyberspace.”
The GCSC was also mentioned in a separate proposal for a resolution before the Committee on Industry, Research and Energy, which is currently deliberating a new regulation for the organization and mission of the European Union Agency for Network and Information Security (ENISA). Tasked with securing Europe’s information society by raising “awareness of network and information security,” among other responsibilities, several EU commissioners have recently called to strengthen ENISA’s mandate.
In her proposed amendments to the ENISA resolution, Schaake endorses the “public core” norm promoted by the GCSC, and cites the commission specifically:
“The protection of the public core of the internet is an emerging norm that is supported by the Global Commission on the Stability for Cyberspace, which received its mandate from the conclusions of the 4th Global Conference on CyberSpace (GCCS) held in 2015 in The Hague, as well as the 5th Report of the UN Group of Governmental Expert.”
Referred to as “Europe’s most wired politician” by the Wall Street Journal, Schaake has made a name for herself by focusing on digital issues. In 2016, she was labeled “the ultimate digital MEP” by Politico on their list of the “40 European Members of Parliament Who Actually Matter.”
The European Union has recently taken steps to strengthen its cybersecurity capacities. The first piece of EU-wide legislation on cybersecurity—the NIS directive—provides countries with legal measures to boost the overall level of cybersecurity in the EU. Approved in 2016 by the EU Parliament, it just passed its deadline for implementation on May 5, 2018.
In a joint statement released May 4, 2018, several EU Commissioners called the NIS directive a “turning point” in EU cybersecurity. They also urged the EU to continue strengthening its cybersecurity capacities: “to further boost the Union’s cybersecurity, the EU should swiftly give a strong and permanent mandate to its Agency for Cybersecurity, the European Union Agency for Network and Information Security (ENISA) and establish an EU framework for cybersecurity certification.”
President Jean-Claude Juncker also highlighted cybersecurity in his 2017 State of the Union address. Arguing that the union had seen cybersecurity progress over the previous years, he also said “Europe is still not well equipped when it comes to cyber-attacks. This is why, today, the Commission is proposing new tools, including a European Cybersecurity Agency [building upon ENISA], to help defend us against such attacks.”
 Cyber defence Motion for a resolution PE618.310 – 2018/2004(INI (Committee on foreign affairs) available here. Amendment 2: “having regard to the work of the Global Commission on the Stability of Cyberspace”, and Amendment 264: “Supports in this context the work of the Global Commission on the Stability of Cyberspace to develop proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behaviour in cyberspace; endorses the proposal that state and nonstate actors should not conduct or knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace”.
 Regulation on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (”Cybersecurity Act”) Proposal for a regulation C (Committee on industry, research and energy) available here.