The new EU Cybersecurity Regulation, laying down measures for a common level of online security at the institutions, bodies, offices and agencies of the Union, entered into force yesterday, 7 January. The Regulation “lays down measures for the establishment of an internal cybersecurity risk management, governance and control framework for each Union entity, and sets up a new Interinstitutional Cybersecurity Board (IICB) to monitor and support its implementation by Union entities”. According to a statement from the European Commission, it “provides an extended mandate of the Computer Emergency Response Team for the EU institutions, bodies, offices and agencies (CERT-EU), as a threat intelligence, information exchange and incident response coordination hub, a central advisory body, and a service provider”. In line with its mandate, CERT-EU is renamed to Cybersecurity Service for the Union institutions, bodies, offices and agencies, but it retains the short name “CERT-EU”. Following the timeline defined in the Regulation, the Union entities “will establish internal cybersecurity governance processes and will progressively put in place specific cybersecurity risk management measures foreseen by the Regulation”. The IICB “will be set up and will become operational as soon as possible”.