Questions and Answers: Directive on Security of Network and Information systems, the first EU-wide legislation on cybersecurity

The NIS Directive is the first EU-wide legislation on cybersecurity. The objective of the Directive is to achieve evenly high level of security of network and information systems across the EU, through:

As part of the cybersecurity package adopted in September 2017, the Commission issued the Communication “Making the Most of the Directive on Security of Network and Information Systems” to assist Member States with guidance and best practice examples as well as to ensure a harmonised transposition of the new rules.

According to the Directive, all Member States need to adopt a national strategy on the security of network and information systems (NIS Strategy) defining the objectives and appropriate policy and regulatory measures. The strategy should include:

Strategic objectives, priorities and governance framework
Identification of measures on preparedness, response and recovery
Cooperation methods between the public and private sectors
Awareness raising, training and education
Research and development plans related to NIS Strategy
Risk assessment plan
List of actors involved in the strategy implementation

Member States have to designate at least one national competent authority to monitor the application of the NIS Directive at national level and to nominate a single point of contact to liaise and ensure cross–border cooperation with other Member States. Additionally, the Member States need to appoint at least one Computer Security Incident Response Team (CSIRT). The CSIRTs role is to:

monitor incidents at national level;
provide early warning, alerts and information to relevant stakeholders about risks and incidents;
respond to incidents;
provide dynamic risk and incident analysis and increase situational awareness;
participate in a network of the CSIRTs across Europe.

The European Commission supports Member States financially to increase their operational capabilities through the Connecting Europe Facility (CEF) – a key EU funding instrument for cross-border infrastructures in digital sectors. The CEF programme is providing €6.3 million in funding for the cooperation and information sharing platform for the Computer Security Incident Response Teams (CSIRTs), known as MeliCERTes. €18.7 million are allocated from the CEF programme for cybersecurity projects increasing capabilities of the CSIRTs between 2017 to 2020 (for example, for purchasing software tools, or covering the costs of trainings and exercises).

CEF funding is additionally being opened up to other stakeholders concerned by the NIS Directive – namely operators of essential services, digital service providers, single points of contact and national competent authorities with a further €13 million being available to those who apply under the next call for proposals from May to late November this year.

The NIS Directive established a cooperation group that is chaired by the Presidency of the Council of the European Union. The group gathers representatives of the Member States, the Commission (acting as secretariat) and the European Union Agency for Network and Information Security (ENISA). This cooperation group facilitates strategic cooperation and exchange of information among Member States and helps develop trust and confidence. The cooperation group has met six times to date starting from February 2017.

The Directive also established a Network of the national Computer Security Incident Response Teams (network of CSIRTs), to contribute to the development of confidence and trust between the Member States and to promote swift and effective operational cooperation.

The group is chaired by a representative of the Member State holding the Presidency of the Council of the EU. It operates by consensus and can set up sub-groups to examine specific questions related to its work. The Commission provides the secretariat of the cooperation group.

The group works on the basis of biennial work programmes. Its main tasks are to steer the work of the Member States in the implementation of the Directive, by providing guidance to the Computer Security Incident Response Teams (CSIRTs) network and assisting Member States in capacity building, sharing information and best practices on key issues, such as risks, incidents and cyber awareness.

The Cooperation Group has so far produced, for example, non-binding guidelines on the security measures and the incident notification for operators of essential services.

Every one and a half years the group will provide a report assessing the benefits of the cooperation. The report will be sent to the Commission as a contribution to the review of the functioning of the Directive.

How does the CSIRTs Network function?

The network is composed of representatives of the Member States’ CSIRTs (Computer Security Incident Response Teams) and CERT–EU (the Computer Emergency Response Team for the EU institutions, agencies and bodies). The Commission participates in the CSIRTs Network as an observer. The European Union Agency for Network and Information (ENISA) provides the secretariat, actively supporting the cooperation among the CSIRTs.

Two years after entry into force of the NIS Directive (by 9 August 2018), and every 18 months thereafter, the CSIRTs Network will produce a report assessing the benefits of operational cooperation, including conclusions and recommendations. The report will be sent to the Commission as a contribution to the review of the functioning of the Directive.

More intense coordination in the netowork could be seen already mid-2017 during the Wannacry and Non-Petya ransonware attacks.

What are operators of essential services, and what will they be required to do?

Operators of essential services are private businesses or public entities with an important role to provide security in healthcare, transport, energy, banking and financial market infrastructure, digital infrastructure and water supply.

Under the NIS Directive, identified operators of essential services will have to take appropriate security measures and to notify serious cyber incidents to the relevant national authority.

The security measures include:

Preventing risks
Ensuring security of network and information systems
Handling incidents

How will Member States identify operators of essential services?

Member States have until 9 November 2018 to identify the entities who have to take appropriate security measures and to notify significant incidents according to the following criteria criteria:

(1) The entity provides a service which is essential for the maintenance of critical societal and economic activities;

(2) The provision of that service depends on network and information systems; and

(3) A security incident would have significant disruptive effects on the essential service.

Which sectors does the Directive cover?

The Directive covers operators in the following sectors:

Energy: electricity, oil and gas
Transport: air, rail, water and road
Banking: credit institutions
Financial market infrastructures: trading venues, central counterparties
Health: healthcare settings
Water: drinking water supply and distribution
Digital infrastructure: internet exchange points, domain name system service providers, top level domain name registries

What kind of incidents should be notified by the operators of essential services?

The Directive does not define threshold of what is a significant incident requiring notification to the the relevant national authority. Three parameters that should be taken into account regarding the notifications are:

the number of users affected;
the duration of the incident;
the geographic spread.

What are digital service providers and do they have to notify cyber incidents?

The NIS Directive covers:

Online marketplaces (that allow businesses to make their products and services available online)
Cloud computing services
Search engines

All entities meeting the definitions will be automatically subject to the security and notification requirements under the NIS Directive. Micro and small enterprises (as defined in Commission Recommendation 2003/361/EC) do not fall under the scope of the Directive.

What are the obligations for digital service providers?

Digitial service providers covered by the NIS Directive are required to take appropriate security measures and to notify substantial incidents to the competent authority.

Security measures are similar to those undertaken by the operators of essential services and cover the following:

Preventing risks
Ensuring security of network and information systems
Handling incidents

The security measures taken by digital service providers should also take into account some specific factors defined in the 2018 Commission implementing regulation:

security of systems and facilities: a set of policies to manage the risk posed to the security of DSPs, which can be aimed at facilitating technical IT security as well as physical and environmental security or the security of supply and access control;
incident handling: measures taken to detect, report and respond to cybersecurity incidents and assess their root causes;
business continuity management: the capacity to be adequately prepared with the ability of minimise impacts on services and to quickly recover from cyber incidents.
monitoring, auditing and testing: regular checks to assess anomalies, verification that risk management measures are in place and that processes are being followed.
compliance with international standards, for example, those adopted by international standardisation bodies (e.g. ISO standards).

What kind of incidents will be notifiable by the digital service providers?

The Directive defines five parameters that should be taken into consideraton, as specified by the Commission in its 2018 implementing regulation:

Number of users affected: users with a contract in place (especially for online marketplaces and cloud computing service) or habitually using the service (based on previous traffic data);
Duration of incident: the period of time starting when a digital service is disrupted until when it is recovered;
Geographic spread: the area affected by the incident;
The extent of the disruption of the service: characteristics of the service impaired by an incident;
The impact on economic and societal activities: losses caused to users in relation to health, safety or damage to property.

The implementing regulation specifies four situations in which digital service providers are required to notify the relevant national competent authority or CSIRT, notably:

If the digital service is unavailable for more than 5 million user-hours in the EU;
If more than 100,000 users in the Union are impacted by a disruption;
If the incident has created a risk to public safety, public security or of loss of life;
If the incident has caused material damage of more than €1 million.

This list may be reviewed on the basis of guidance issued by the cooperation group, which will take into account the experience gained through the implementation of the NIS Directive.

What is the timeline for implementation of the Directive?

Member States have time until 9 November 2018 to identify businesses operating in their territory as “operators of essential services” – i.e. private businesses or public entities with an important role for the society and economy operating in critical sectors that will have to comply with security requirements and notify to national authorities significant incidents. The Commission will regularly update the overview on the state-of-play of transposition in each Member State on its website.

For More Information

Joint statement by Vice-President Ansip and Commissioners Avramopoulos, King and Gabriel

International VAT fraud OCG dismantled

4 May 2018

The national authorities of Belgium, Spain and Germany initiated investigations into an organised crime group (OCG) involved in a large-scale VAT fraud case that targeted numerous individuals and companies in Belgium, Bulgaria, Germany, Spain, Italy, Hungary, Portugal and Romania.

This case, a so-called VAT carousel fraud case, began several years ago with an investigation in Spain. The OCG, mainly composed of German, Spanish, Italian and Portuguese nationals, created a network of computer and electronics companies throughout Europe to divert the illicit profit yielded in Spain. The criminals managed to avoid VAT payments in Spain and yet receive VAT reimbursements through the companies set up in other Member States by simulating their business operations.

After the Spanish Desk opened a case at Eurojust, a coordination meeting was held last month between the national authorities involved to exchange case-related information and plan the common actions, ensuring that the necessary judicial cooperation instruments would be timely and effectively implemented on the action day.

A coordination centre took place at Eurojust on 18 April to coordinate the simultaneous operations in the eight Member States concerned, which led to the arrest of the main suspects, more than 100 searches, the freezing of several bank accounts, as well as the seizure of assets, including cash and luxury cars. One company under investigation was estimated to have defrauded more than EUR 17 million over a two-year period.

On the action day, Eurojust swiftly reacted to evolving judicial cooperation needs by facilitating the execution of European Arrest Warrants, European Investigation Orders and freezing orders on the spot. Europol participated in the coordination centre via a mobile office deployed in Spain, contributing to the successful outcome of the operations.

Results:
Arrests: 1 in Belgium, 3 in Germany, 52 in Spain and 1 in Portugal
Searches: 6 in Belgium, 2 in Bulgaria, 14 in Germany, 62 in Spain, 4 in Italy, 3 in Hungary, 15 in Portugal and 1 in Romania
Interviews/interrogations: 2 interviews in Bulgaria, 10 interrogations in Germany

International VAT fraud OCG dismantled

4 May 2018

Daily News 04 / 05 / 2018

Clean air: Commission improves car emissions tests further

Member States meeting in the Technical Committee of Motor Vehicles (TCMV) have agreed on the Commission’s latest proposal to strengthen car emissions testing. New and improved car emissions testsbecame mandatory on 1 September 2017: tests in real driving conditions (“Real Driving Emissions” – RDE) and an improved laboratory test (“World Harmonised Light Vehicle Test Procedure” – WLTP). Now the Commission has finished its technical follow-up to improve these tests further. Commissioner for the Internal Market, Industry, Entrepreneurship and SMEs Elżbieta Bieńkowska said: “By continuously tightening the screws on the way emissions tests are conducted, we aim to better protect our health and environment, restore consumer confidence, and add yet another incentive for a quick shift to zero emissions vehicles.” The proposal reduces margins of technical uncertainty in RDE testing, increases emissions checks of cars already in circulation and testing by independent and accredited third parties. It also improves the WLTP procedure by eliminating test flexibilities and introduces on-board fuel and energy consumption monitoring devices, thereby allowing for the first time to compare laboratory results for CO2 emissions with the average real driving situation. Following the positive vote in comitology, the proposal will be transmitted to the European Parliament and Council for a three-month scrutiny period. It will then be adopted by the Commission and published in the EU Official Journal, and would apply from 1January 2019. More information is available in the FAQs. Continuously improved emissions tests are one of the many Commission initiatives for a clean, sustainable and competitive car industry, including the Commission proposal for a fully overhauled type approval framework recently approved by the European Parliament and expected to be adopted by Council in the coming weeks (see new FAQs on reform points). (For more information: Lucía Caudet – Tel.: +32 229 56182; Victoria von Hammerstein – Tel.: +32 229 55040; Maud Noyon – Tel. +32 229-80379)

Fifty innovation grantees to bring research findings to the market

Today, 50 winners of an innovation grant competition from the European Research Council (ERC) have been announced. The so-called ‘proof of concept’ grants, each worth up to €150,000, are dedicated to researchers that want to bridge the gap between their pioneering research and early phases of its commercialisation. The researchers will now investigate business opportunities, establish intellectual property rights or conduct technical validation to proof their scientific concept. They will for example work on the development of a universal flu vaccine, put together an atlas of the human sub-cortex for deep brain stimulation of people suffering Parkinson’s and other neurological diseases, refine an environmentally friendly production of menthol or employ deep learning algorithms for the automatic detection of fake news (see more project examples). The European Research Council is the premiere European funding organisation for excellent frontier research and is part of the EU’s Horizon 2020 research and innovation programme. It will remain a key component of Horizon Europe, the future research funding programme outlined in the Commission’s proposal for the long-term budget for the 2021-2027 period. ERC grantees can apply for ‘proof of concept’ grants during three rounds in 2018 with an overall budget of €20 million. More information including the list of winners is available in a news item. (For more information: Lucía Caudet – Tel.: +32 229 56182; Victoria von Hammerstein – Tel.: +32 229 55040; Maud Noyon – Tel. +32 229-80379)

Citizens’ Panel on the Future of Europe

For the first time, the Commission is convening a Citizens’ Panel to draft a public consultation on the Future of Europe. Hosted by the European Economic and Social Committee on 5-6 May, a group of 80 Europeans will meet in Brussels to work together on the creation of a 12-question online consultation to be launched on 9 May, Europe Day. This unique exercise in participative democracy means that citizens are truly shaping the conversation on the Future of Europe. The online consultation follows on from the Commission’s White Paper on the Future of Europe published in March 2017 and will run in parallel to the 500 Citizens’ Dialogues being organised by the Commission in the next 12 months, and the Citizens’ Consultations being run by all EU27 Member States, following the initiative of President Macron. (For more information: Natasha Bertaud – Tel.: +32 229 67456; Tim McPhie- Tel.: +32 229 58602)

Nitrates: less water pollution from agriculture but more efforts needed

The Commission today published a new report on the implementation of the Nitrates Directive. With this Directive, the EU aims to protect water quality across Europe by preventing pollution by nitrates from agricultural sources and by promoting the use of good farming practices. Today’s report shows that the Directive has been successful in reducing water pollution caused by nitrates in both surface and groundwater in the last two decades. The report however points to some disparities among Member States, which calls for renewed efforts to bring waters in the European Union to a good status. Karmenu Vella, Commissioner for Environment, Maritime Affairs and Fisheries said, “Clean water is vital for healthy ecosystems and for citizens’ quality of life. I am happy to see that EU rules to reduce pollution from nitrates in water are delivering. Member States’ longstanding efforts to put them into practice are paying off. Still further effort is needed to achieve a more sustainable agriculture in the EU. Farmers should always be looking for ways to manage the nutrient cycle more sustainably. This will reduce the costs for public authorities to treat polluted water, make it safe for drinking and is in the long-term interests of the farmers themselves.” More information on today’s report is available here. In February 2018, the European Commission proposed legislation to improve the quality of drinking water and access to it as well as provide better information to citizens. More details can be found here. (For more information: Enrico Brivio – Tel.: +32 229 56172; Alexis Perier – Tel.: +32 229 6 91 43)

New data protection rules for the police and criminal justice sector apply as of 6 May

As of 6 May, new data protection rules for law enforcement authorities will apply. The new Data Protection Directive will allow police and judicial authorities to exchange information necessary for investigations and prosecutions more efficiently based on common high data protection standards. This will contribute to the EU’s Agenda on Security, further improving cooperation in the fight against terrorism and other serious crime in Europe. Commissioner Vĕra Jourová, Commissioner for Justice, Consumers and Gender Equality, said: “This directive makes sure that our police and judicial authorities can exchange data smoothly in time to keep our citizens safe. At the same time the personal information of victims, witnesses or suspects of a crime will be adequately protected. This set of rules ensures both fundamental rights and security and strengthens mutual trust between Member States.” The Directive creates a harmonised set of rules on how personal data can be used by law enforcement authorities throughout the EU. The rules ensure that suspects, victims, and witnesses will have their fundamental right to personal data protection properly upheld. Individuals will also have the right to ask police and criminal justice authorities for access to their data. The Commission will work closely with those Member States who have not finalised transposition yet to make sure the important new rules are implemented swiftly. These new rules were agreed by the European Parliament and the Council in December 2015 (see press release). The Law Enforcement Directive (also known as the “Police Directive”) is part of the Data Protection Reform along with the General Data Protection Regulation – due to apply across the EU as of 25 May. You’ll find more information on the Law Enforcement Directive in a factsheet and online on our pages dedicated to data protection. (For more information: Christian Wigand – Tel.: +32 229 62253; Melanie Voin – Tel.: +32 229 58659)

State aid: Commission approves €10 million extension of Irish support scheme for SMEs in difficulty

The European Commission has found that a €10 million extension of an aid scheme to facilitate the restructuring of small and medium-sized enterprises (SMEs) in financial difficulty in Ireland is in line with EU State aid rules. The original scheme was approved by the Commission on 30 November 2017. The extension of the scheme will allow the granting of temporary restructuring support in the form of loans to SMEs in financial difficulty or facing acute liquidity needs. The extension, like the original scheme, will run until 2020 and will be open to all sectors of the economy except the steel, coal and financial sectors. The Commission assessed this measure under its_2014 Guidelines on rescue and restructuring, which allow companies in difficulty to receive State aid only under certain strict conditions.On this basis, the Commission concluded that the extension is compatible with EU State aid rules. The non-confidential version of the decision will be published under the case number SA.50651 in the State Aid Register on the Commission’s competition website once any confidentiality issues have been resolved. (For more information: Ricardo Cardoso – Tel.: +32 229 80100; Maria Sarantopoulou – Tel.: +32 229 13740)

Mergers: Commission partially refers acquisition of Stahlgruber by LKQ to Czech competition authority; clears proposed acquisition outside Czech Republic

The European Commission has partially referred the acquisition of Stahlgruber GmbH of Germany by LKQ of the US to the Czech competition authority, and cleared the proposed acquisition outside the Czech Republic. Stahlgruber and LKQ both manufacture and supply automotive spare parts, and are wholesale distributors of automotive spare parts in the European Economic Area (EEA). After a preliminary investigation, the Commission has found that the proposed acquisition could threaten to significantly affect competition in the market for wholesale distribution of automotive spare parts for the independent aftermarket for light vehicles in the Czech Republic. The Commission has partially referred this part of the merger assessment to the Czech Republic’s competition authority, at the latter’s request. This will now be examined under the Czech Republic’s national competition law. At the same time, the Commission has approved under the EU Merger Regulation the part of the transaction affecting EEA markets outside the Czech Republic. The Commission concluded that this part of the proposed acquisition would raise no competition concerns, in particular given that the companies only have limited overlapping activities in the Netherlands. The transaction was examined under the normal merger review procedure. More information is available on the Commission’s competition website, in the public case register under the case number M.8766. (For more information: Ricardo Cardoso – Tel.: +32 229 80100; Maria Sarantopoulou – Tel.: +32 229 13740)

Appel à candidatures d’experts sur l’économie des plateformes en ligne

La Commission lance aujourd’hui un appel à candidatures d’experts pour soutenir le travail de l’Observatoire de l’Union européenne sur l’économie des plateformes en ligne. La création de l’Observatoire a été annoncée la semaine dernière à l’occasion de l’annonce de la proposition pour de nouvelles règles pour les plates-formes en ligne visant à créer un environnement commercial équitable, transparent et prévisible pour les petites entreprises et les commerçants. Cet Observatoire suivra et rendra compte des enjeux actuels ainsi que des opportunités dans l’économie numérique. L’objectif de l’appel est de sélectionner jusqu’à 15 experts indépendants ayant une compétence et une expérience dans l’économie des plateformes en ligne. Ils aideront ainsi l’Observatoire pendant au moins deux ans à réfléchir sur l’accès et l’utilisation des données, la prise de décision algorithmique, le classement et la transparence, ainsi que les pratiques discriminatoires potentielles des plateformes envers leurs utilisateurs. Les experts sont invités à accorder une attention toute particulière à l’évolution des politiques et des approches réglementaires en Europe. Le groupe produira des avis et des rapports pour aider les décideurs politiques européens et nationaux à développer une approche européenne aux plateformes en ligne. En fonction des progrès réalisés et sur la base des connaissances acquises grâce à l’Observatoire, la Commission évaluera la nécessité de prendre de nouvelles mesures et ce dans un délai de trois ans. L’appel à experts est ouvert jusqu’au 5 juin. Plus d’informations sur l’appel peuvent être trouvées ici. (Pour plus d’informations: Nathalie Vandystadt – Tél.: +32 229 67083, Julia-Henriette Bräuer – Tél.: +32 229 80707)

Eurostat: Le volume des ventes du commerce de détail en hausse de 0,1% dans la zone euro

En mars 2018 par rapport à février 2018, le volume des ventes du commerce de détail corrigé des variations saisonnières a augmenté de 0,1% dans la zone euro (ZE19) et a diminué de 0,1% dans l’UE28, selon les estimations d’Eurostat, l’office statistique de l’Union européenne. En février 2018, le commerce de détail avait progressé de 0,3% dans la zone euro et de 0,4% dans l’UE28. Un communiqué de presse est disponible ici. (Pour plus d’informations: Lucía Caudet – Tél.: +32 229 56182; Victoria von Hammerstein – Tél.: +32 229 55040; Maud Noyon – Tél. +32 229-80379)

Eurostat: Selon les estimations, les émissions de CO2 dans l’UE ont augmenté en 2017 par rapport à 2016

Selon les estimations d’Eurostat, les émissions de dioxyde de carbone (CO2) provenant de la combustion de combustibles fossiles ont augmenté de 1,8% dans l’Union européenne (UE) en 2017 par rapport à l’année précédente. Les émissions de CO2 contribuent fortement au réchauffement de la planète et représentent environ 80% de l’ensemble des émissions de gaz à effet de serre dans l’UE. Elles sont influencées par des facteurs tels que les conditions climatiques, la croissance économique, la taille de la population, les transports et les activités industrielles. Un communiqué de presse est disponible ici. (Pour plus d’informations: Anna-Kaisa Itkonen – Tél.: +32 229 56186; Nicole Bockstaller – Tél.: +32 229 52589)

STATEMENTS

Joint statement by Vice-President Ansip and Commissioners Avramopoulos, King and Gabriel on the first EU-wide legislation on cybersecurity

Vice-President Andrus Ansip, responsible for the Digital Single Market, Commissioner for Migration, Home Affairs and Citizenship Dimitris Avramopoulos, Commissioner for the Security Union Julian King and Commissioner Mariya Gabriel, in charge of Digital Economy and Society, issued a statement on the first EU-wide legislation on cybersecurity – the Directive on Security of Network and Information Systems (NIS Directive) that Member States have to transpose into national law by 9 May 2018. They said: “The adoption of the NIS Directive two years ago was a turning point for the EU’s efforts to step up its cybersecurity capacities. Thanks to this first EU cybersecurity law, Member States have strengthened their cooperation for a European cybersecurity policy and are coordinating efforts to build their response capacities.” The full statement is available here. TheDirective on Security of Network and Information Systems (NIS Directive) entered into force in August 2016. Member States have had 21 months to transpose the Directive into their national laws and have 6 months more to identify operators of essential services. It is the first EU-wide legally binding set of rules on cybersecurity. The Directive establishes a high common level of security of network and information systems across the EU. Additionally, to equip Europe with the right tools to deal with cyber-attacks, the European Commission proposed in September 2017 a wide-ranging set of measures to build strong cybersecurity in the EU. This included a proposal for strengthening the EU Agency for Cybersecurity as well as a new European certification framework to ensure that products and services in the digital world are safe to use. More details on the new rules are available in the Q&A as well as a factsheet. (For more information: Nathalie Vandystadt – Tel.: +32 229 67083; Inga Höglund – Tel.: +32 229 50698; Julia-Henriette Bräuer – Tel.: +32 229 80707)

ANNOUNCEMENTS

Vice-President Ansip to attend the UN Broadband Commission and Transform Africa Summit in Rwanda

Vice-President for the Digital Single Market Andrus Ansip is travelling to Kigali, Rwanda to attend the biannual UN meeting of the Broadband Commission for Sustainable Development (on Sunday and Monday) and to participate in the fourth Transform Africa Summit (on Tuesday). The Broadband Commission’s meeting will concentrate this time on 5G development to promote high-speed connectivity for the Gigabit society, digital skills as well as specific issues for Africa to boost the digital economy and broadband. Vice-President Ansip will also chair the Working Group on Digital Entrepreneurship. The Transform Africa 2018 Summit will be held under the theme “Accelerating Africa’s Single Digital Market”. Vice-President Ansip will participate in the panel discussion “Digital Identity, Connectivity and Regulation” on the EU’s Digital Single Market efforts to increase innovation and accessibility of broadband communication networks as well as the electronic ID systems. Both topics are priorities also under the Digital4Development strategy the Commission presented a year ago to promote digital technologies in the EU development policy. (For more information: Nathalie Vandystadt – Tel.: +32 229 67083; Julia-Henriette Bräuer – Tel.: +32 229 80707)

Calendar

The Commissioners’ weekly activities

Upcoming events of the European Commission (ex-Top News)

Testing of emissions from cars

Air pollutant emissions are the cause of 400 000 premature deaths in the EU per year, major respiratory diseases and significant healthcare costs.

Urban transport is one of the triggers of excessive air pollution in many urban areas.That is why over the past decades, the Commission has led EU efforts to progressively reduce emissions of air pollutants from road vehicles. The maximum nitrogen oxides (NOx) emission limits for diesel passenger cars have dropped from 500 mg/km in 2000 to 80mg/km in 2014. And the way in which emissions tests are conducted is becoming increasingly robust.

Until September 2017, only a laboratory test was used to measure air pollution emissions during the type approval process before the car could be placed on the market. However, air pollutants emissions measured on the road substantially exceeded emissions measured on the laboratory test cycle. The Commission has therefore made two major changes to strengthen the emissions testing regime and rebuild consumer confidence: the improvement of lab tests and the introduction of testing in real driving situation.

Improving emissions tests is only part of the Commission’s wider work for a clean, sustainable and competitive car sector as laid down in the Commission Communication ‘Europe on the Move’. Commission initiatives include air quality and CO2 standards, the overhaul of the type-approval framework or the support for alternative fuels and battery production.

What is the Real Driving Emissions test?

Already before the emissions scandal broke, the Commission had proposed to measure emissions in real driving conditions. This test procedure further tightens the rules since it checks the emissions of NOx and ultrafine particles (Particle Number – PN) from vehicles on the road and significantly reduces the discrepancy between emissions measured in real driving and those measured in a laboratory. The Real Driving Emissions (RDE) procedure complements the laboratory test.

In the RDE procedure pollutant emissions are measured by portable emission measuring systems (PEMS) that are attached to the car while driving in real conditions on the road. This means that the car is driven outside and on a real road according to random variations of parameters such as acceleration, deceleration, ambient temperature, and payloads.

How was RDE developed?

RDE was developed in four separate regulatory acts:

RDE Act 1: The first step was to define the actual test procedure. This was voted positively by the Member States in the Technical Committee of Motor Vehicles (TCMV) in May 2015 and entered into force in 2016. In the initial phase starting in early 2016, the RDE testing was only done for monitoring purposes, without an impact on the actual type approval which continued to be delivered on the basis of laboratory measurements.
RDE Act 2: The second step determined the phasing in of RDE testing to have an actual impact on type approvals issued by national authorities. On 28 October 2015, Member States meeting in the Technical Committee of Motor Vehicles (TCMV) agreed that RDE measurements of NOx would be compulsory for new car models from September 2017, and for all new vehicles from September 2019.
RDE Act 3: As a third step, Member States in the TCMV adopted on 20 December 2016 the Commission proposal to extend RDE testing to cover particle number (PN) emissions for all new vehicle types by September 2017 and for all new vehicles by September 2018. These very small particles exist in diesel cars as well as petrol cars with direct injection technology. Under RDE Act 3, the Commission also fine-tuned the testing methods to take into account that short city trips starting with a cold engine generate most city pollution. To cover a broader range of conditions, hot engine starts will now also be included. In addition, this Act also mandates that the real-world emission performance of a car should be clearly stated by the manufacturer in the certificate of conformity of each vehicle, i.e. that it is transparent and available for all citizens and public authorities.
RDE Act 4: On 3 May 2018, Member States in the TCMV agreed on the Commission proposal to go one step further and strengthen RDE legislation even more. The 4^th RDE act ensures transparent and independent control of emissions of vehicles during their lifetime. Type approval authorities will have to check each year the emissions of vehicles already in circulation (“in-service conformity” testing). Type approval authorities, independent parties and the Commission will be able to perform officially recognised tests through accredited laboratories and technical services. Taking account of latest improvements of the measuring technology, the 4^th Act introduces a first reduction of the conformity factor, which caters for technical and statistical variations in RDE measurements, from 1.50 to 1.43. The Commission will continue reviewing the conformity factor with the aim of bringing it down to 1 as soon as possible and at the latest by 2023. The next reduction is scheduled for 2019. Finally the act includes a new unique, transparent, robust and simple methodology for evaluating real driving emissions and for making sure that vehicles are driven properly during such tests. After a three-month scrutiny period in the European Parliament and Council, the Commission will adopt the proposal, which would then apply from 1 January 2019.

What about CO2 emissions testing?

The Commission has also introduced a new, more realistic laboratory test procedure – the World harmonised Light vehicle Test Procedure (WLTP) for measuring CO2 emissions and fuel consumption from cars and vans. The WLTP is a globally harmonised test procedure developed within the United Nations Economic Commission for Europe (UNECE) with the support of the European Commission. The new WLTP test was adopted by the Commission on 1 June 2017 and became mandatory for all new car models from September 2017 and for all new cars from September 2018.

The WLTP replaces the New European Drive Cycle (NEDC), which no longer reflected adequately today’s driving conditions or vehicle technologies. The WLTP provides fuel consumption and CO2 emission values that are more representative of real world conditions to the benefit of consumers and regulators both at EU and national levels. It is a stronger incentive for the deployment of fuel efficient and low-carbon technologies.

Member States voted on 3 May in the TCMV on the 2^nd WLTP Act, which improves the lab test to provide more representative CO2 emission and fuel consumption figures. The Commission proposal tightens testing tolerances and introduces a new evaporative emission procedure adapted to the WLTP. The proposal also introduces as of 2021 the obligation for all new cars and vans to have standardised and accessible fuel and energy consumption monitoring on board of the vehicle. Fuel consumption directly relates to the CO2 emissions. The new feature, so called ‘on-board fuel consumption monitoring device’ hence allows for the first time to compare laboratory results for CO2 emissions with the average real driving situation. This will also provide valuable information to consumers. After a three-month scrutiny period in the European Parliament and Council, the Commission will adopt the proposal, which would then apply from 1 January 2019.

What else is the Commission doing? – A snapshot

The new emissions tests will ensure more reliable results and help rebuild confidence in the performance of new cars. The tests represent one of several important steps in the Commission’s work for a clean, sustainable and competitive car industry. This includes a full overhaul of the type approval system, strict air quality standards that Member States have to comply with, and a number of measures to foster low-emission mobility (i.e. new CO2 standards for cars and vans, action plan for alternative fuel infrastructure, development of full value chain of battery production).

Under current rules the EU sets the legal framework but national authorities are fully responsible for checking the compliance of a vehicle. From 1 September 2020, the new EU ‘type-approval’ framework will be in place. It will significantly raise the quality level and independence of vehicle type-approval and testing, increase checks of vehicles that are already on the EU market and strengthen the overall system with European oversight (see FAQs).

The Commission has opened infringement procedures against eight Member States for breach of EU type approval legislation in December 2016 and May 2017, and continues to monitor whether EU law in the area is being properly enforced. The Commission has called on Member States to take all necessary measures to ensure that non-compliant vehicles are fixed or withdrawn from circulation. To that effect the Commission has been collecting data by Member States on the progress in the recalls of non-compliant vehicles and has published the different recall rates. The Commission has supported Member States’ work with guidance and a common testing methodology on defeat devices to ensure consistency of results of national investigations. The Commission ensures that competition rules are respected and has proposed a new deal for consumers.

Further information

Main features of the reformed type approval framework – FAQs
Political agreement on type approval framework (7 December 2017) – press release
Agenda for transition towards clean, competitive and connected mobility:

Commission communication (20 July 2016) – strategy for low emission mobility

Commission communication (31 May 2017) – Europe on the Move