TITLE II: CYBER SECURITY
Article CYB.1: Dialogue on cyber issues
The Parties shall endeavour to establish a regular dialogue in order to exchange information about relevant policy developments, including in relation to international security, security of emerging technologies, internet governance, cybersecurity, cyber defence and cybercrime.
Article CYB.2: Cooperation on cyber issues
1. Where in their mutual interest, the Parties shall cooperate in the field of cyber issues by sharing best practices and through cooperative practical actions aimed at promoting and protecting an open, free, stable, peaceful and secure cyberspace based on the application of existing international law and norms for responsible State behaviour and regional cyber confidence-building measures.
2. The Parties shall also endeavour to cooperate in relevant international bodies and forums, and endeavour to strengthen global cyber resilience and enhance the ability of third countries to fight cybercrime effectively.
Article CYB.3: Cooperation with the Computer Emergency Response Team – European Union
Subject to prior approval by the Steering Board of the Computer Emergency Response Team – European Union (CERT-EU), CERT-EU and the national UK computer emergency response team shall cooperate on a voluntary, timely and reciprocal basis to exchange information on tools and methods, such as techniques, tactics, procedures and best practices, and on general threats and vulnerabilities.
Article CYB.4: Participation in specific activities of the Cooperation Group established pursuant to Directive (EU) 2016/1148
1. With a view to promoting cooperation on cyber security while ensuring the autonomy of the Union decision-making process, the relevant national authorities of the United Kingdom may participate at the invitation, which the United Kingdom may also request, of the Chair of the Cooperation Group in consultation with the Commission, in the following activities of the Cooperation Group:
(a) exchanging best practices in building capacity to ensure the security of network and information systems;
(b) exchanging information with regard to exercises relating to the security of network and information systems;
(c) exchanging information, experiences and best practices on risks and incidents;
(d) exchanging information and best practices on awareness-raising, education programmes and training; and
(e) exchanging information and best practices on research and development relating to the security of network and information systems.
2. Any exchange of information, experiences or best practices between the Cooperation Group and the relevant national authorities of the United Kingdom shall be voluntary and, where appropriate, reciprocal.
Article CYB.5: Cooperation with the EU Agency for Cybersecurity (ENISA)
1. With a view to promoting cooperation on cyber security while ensuring the autonomy of the Union decision-making process, the United Kingdom may participate at the invitation, which the United Kingdom may also request, of the Management Board of the EU Cybersecurity Agency (ENISA), in the following activities carried out by ENISA:
(a) capacity building;
(b) knowledge and information; and
(c) awareness raising and education.
2. The conditions for the participation of the United Kingdom in ENISA’s activities referred to in paragraph 1, including an appropriate financial contribution, shall be set out in working arrangements adopted by the Management Board of ENISA subject to prior approval by the Commission and agreed with the United Kingdom.
3. The exchange of information, experiences and best practices between ENISA and the United Kingdom shall be voluntary and, where appropriate, reciprocal.