Hostname: page-component-78c5997874-mlc7c Total loading time: 0 Render date: 2024-11-10T15:23:49.415Z Has data issue: false hasContentIssue false
  • English
  • Français

Europeanisation on demand: the EU cybersecurity certification regime between market integration and core state powers (1997–2019)

Published online by Cambridge University Press:  06 August 2020

Ido Sivan-Sevilla Open the ORCID record for Ido Sivan-Sevilla [Opens in a new window]
Ido Sivan-Sevilla*
Affiliation:
Digital Life Initiative, Cornell Tech, USA
*
Corresponding author. E-mail: Is428@cornell.edu
Get access Rights & Permissions [Opens in a new window]

Abstract

Despite promises by European Union (EU) policymakers to “fundamentally change” cybersecurity certification, they have recently created a regime that is strikingly similar to already existing certification arrangements. How can we explain this puzzle? Through a process-tracing analysis based on 41 documents and 18 interviews, this article traces the development of the EU cybersecurity certification regime over the past two decades. It deconstructs certification into standardisation, accreditation, certification, and evaluation; analyses how each regime component changed over time; and discusses to what extent causal mechanisms that are derived from classic theories of EU integration explain the limited nature of policy change. The observed dynamics uncover a “Europeanization on Demand” model that allows national authorities to completely control the extent of integration. This study challenges the dichotomous understanding portrayed by EU integration literature, of mutually exclusive dynamics of market or core state powers integration, highlighting intriguing political dynamics in EU cybersecurity policymaking.

Keywords

certificationcybersecurityEU integrationmulti-level governancepolicy change
Type
Research Article
Information
Journal of Public Policy , Volume 41 , Issue 3 , September 2021 , pp. 600 - 631
Copyright
© The Author(s), 2020. Published by Cambridge University Press

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Abbott, K, Genschel, P, Snidal, D and Zangl, B (2015) Orchestration. In Abbott, K, Genschel, P, Snidal, D and Zangl, B. (eds.), International Organizations as Orchestrators. Cambridge: Cambridge University Press, 336.Google Scholar
Abbott, K, Genschel, P, Snidal, D and Zangl, B (2019) Competence Versus Control: The Governor’s Dilemma. Regulation & Governance. doi: 10.1111/rego.12234 Google Scholar
Beach, D (2016) It’s All About Mechanisms – What Process Tracing Case Studies Should be Tracing. New Political Economy, 21(5): 463472.CrossRefGoogle Scholar
Bendiek, A, Bossong, R and Schulze, M (2017) The EU’s Revised Cybersecurity Strategy: Half-Hearted Progress on Far Reaching Challenges (SWP Comments, 47/2017). Berlin: Stiftung Wissenschaft und Politik – SWP- Deutsches Institut für Internationale Politik und Sicherheit.Google Scholar
Borraz, O (2007) Governing Standards: The Rise of Standardization Processes in France and EU. Governance, 20(1): 5784.CrossRefGoogle Scholar
Börzel, T (2019) Governance Approaches to European Integration. In: Wiener, A, Börzel, T and Risse, T. (eds.), European Integration Theory, 3rd ed, Oxford: Oxford University Press.Google Scholar
Brunsson, N and Jacobsson, B (eds.) (2000) A World of Standards. Oxford: Oxford University Press.Google Scholar
Christou, G (2016) Cybersecurity in the European Union - Resilience and Adaptability in Governance Policy. London: Palgrave.CrossRefGoogle Scholar
Christou, G (2019) The collective securitisation of cyberspace in the European Union. West European Politics, 42(2): 278301.CrossRefGoogle Scholar
Freiberg, A (2017) Regulation in Australia. Sydney: Federation Press.Google Scholar
French Senate (2017) Draft resolution on the proposal for a regulation on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (“Cybersecurity Act”). Commission des Affaires Europeennes.Google Scholar
Genschel, P and Jachtenfuchs, M (2013) Beyond the Regulatory Polity?: The European Integration of Core State Powers.. New York: Oxford University Press.CrossRefGoogle Scholar
Genschel, P and Jachtenfuchs, M (2016) More Integration, Less Federation: The European Integration of Core State Powers. Journal of European Public Policy, 23(1): 4259.CrossRefGoogle Scholar
Genschel, P and Jachtenfuchs, M (2018) From Market Integration to Core State Power: The Eurozone Crisis, the Refugee Crisis and Integration Theory. Journal of Common Market Studies, 56(1): 178196.CrossRefGoogle Scholar
Haas, B (1961) International Integration: The European and the Universal Process. International Organization, 15(3): 366392.CrossRefGoogle Scholar
Hood, C, Rothstein, H and Baldwin, R (2001) The Government of Risk: Understanding Risk Regulation Regimes. Oxford: Oxford University Press.CrossRefGoogle Scholar
Hooghe, L and Marks, G (2019) Grand Theories of European Integration in the Twenty-First Century. Journal of European Public Policy, 26(8): 11131133.CrossRefGoogle Scholar
Levi-Faur, D (1999a) The Governance of Competition: The Interplay of Technology, Economics, and Politics, in the European Union Electricity and Telecom Regime. Journal of Public Policy, 19(2): 175207.CrossRefGoogle Scholar
Levi-Faur, D (1999b) Governing Dutch Telecommunications Reform: State-Business Interactions in the Transformation of National Policy Regimes to (European) Embedded Policy Regimes. Journal of European Public Policy, 6(1): 102122.CrossRefGoogle Scholar
Majone, G (2006) The Common Sense of European Integration. Journal of European Public Policy, 13(5): 607626.CrossRefGoogle Scholar
May, P and Jochim, A (2013) Policy Regime Perspectives: Policies, Politics, and Governing. Policy Studies Journal, 41(3): 426452.CrossRefGoogle Scholar
Moravcsik, A (1998) The Choice for Europe. Social Purpose and State Power from Messina to Maastricht. Ithaca: Cornell University Press.Google Scholar
Moravcsik, A and Schimmelfennig, F (2019) Liberal Intergovernmentalism. In: Wiener, A, Börzel, T and Risse, T (eds.), European Integration Theory, 3rd ed., Oxford: Oxford University Press.Google Scholar
Niemann, A, Lefkofridi, Z and Schmitter, P (2019) Neofunctionalism. In: Wiener, A, Börzel, T and Risse, T (eds.), European Integration Theory, 3rd ed. Oxford: Oxford University Press.Google Scholar
Odermatt, J (2018) The European Union as a Cybersecurity Actor. In: Blockmans, S and Koutrakos, P (eds.), Research Handbook on the EU’s Common Foreign and Security Policy (chapter 17). Edward Elgar Publishing.Google Scholar
Schabhuser, G (2017) The Cybersecurity Act and the Future Role of ENISA from a German National Perspective. Federal Office for Information Security (BSI) The Senate of the Parliament of the Czech Republic (2017) 311th Resolution of the Senate. Delivered on the 11th session held on December 2017.Google Scholar
Sweet, A and Sandholtz, W (1997) European Integration and Supranational Governance. Journal of European Public Policy, 4(3): 297317.CrossRefGoogle Scholar
The Parliament of Romania Senate (2017) Opinion of the Romanian Senate on the Proposal for a Regulation of the European Parliament and of the Council on ENISA, EU Agency for Cybersecurity, repealing Regulation (EU) 526/2013 and on Cybersecurity Certification for Information and Communication Technologies, Cybersecurity Act.Google Scholar
The Senate of the Parliament of the Czech Republic (2017) 311th Resolution of the Senate. Delivered on the 11th session held on December 2017.Google Scholar
UK Parliament (2018a) Digital Single Market: ENISA/EU Cybersecurity Agency Regulation. European Scrutiny Committee. February 21st, 2018.Google Scholar
UK Parliament (2018b) ENISA/EU Cybersecurity Agency. European Scrutiny Committee. June 6th, 2018.Google Scholar
Van Evera, S (1997) Guide to Methods for Students of Political Science. Ithaca, NY: Cornell University Press.Google Scholar
Wessel, R (2015) Towards EU Cybersecurity Law: Regulating a New Policy Field. In: Tsagourias, N and Buchan, R (eds.), International Law and Cyberspace. Research Handbooks in International Law Series, Edward Elgar Publishing, 403–425.CrossRefGoogle Scholar