The European Union Agency for Cybersecurity (ENISA) announced on Monday the formation of its new Advisory Group, selecting 26 individual experts to support the Agency’s strategic goals as defined by its management board. Chosen from more than 300 eligible applicants, the group includes members from industry, academia, business, and consumer organizations, alongside nominated representatives. The Advisory Group plays a key role in shaping ENISA’s work programme, advancing its strategic objectives, and strengthening engagement with stakeholders across Europe.
The term of office of the Advisory Group shall run for two-and-a-half years, from Aug. 1, this year to Jan. 31, 2028. The term of the previous Advisory Group will end on July 31.
“We warmly welcome the members of the new Advisory Group,” Juhan Lepassaar, ENISA executive director, declared in a media statement. “We are eager to work with them and make use of their expertise to tackle the challenges ahead of us. The Agency is grateful for the valuable support received by the departing members, and we would like to thank them all for their contribution.”
Based on personal expertise and merits, members are selected ‘ad personam.’ As such, they do not represent their country of origin, nor do they represent the organisation they work for. As a consequence, they cannot delegate their responsibilities to any other member of the group or any other third party.
The Management Board of ENISA, acting on a proposal from the Agency’s Executive Director, has appointed these experts to serve in a personal capacity as members of the ENISA Advisory Group. Maite Arcos, Christian Behre, and Gabriela Bogk have been appointed from the ICT industry. Maria Christofi brings expertise across both the ICT industry and the NIS sector. Valentina Dragos and Ana Ferreira join from academia.
Boris Hemkemeier, Cónal Hickey, and Laura Iglesias Febrero each contribute experience spanning the ICT industry and the NIS sector. Attila Alajos Horváth, Liina Kamm, Bernardus Kokx, Stephane Lenco, and Vincent Lomba are also appointed from the ICT industry.
Additionally, Beatriz Martinez Candano represents both the ICT industry and the NIS sector. Vasileios Mavroeidis and Isabel Praça join from academia. Paolo Palumbo, Jaroslav Reznik, Mohit Sethi, Joanna Świątkowska, Sergio Trindade, Frank Van Caenegem, Rigobert Van den Broeck, Zeina Zakhour, and Steffen Zimmermann round out the list, all bringing expertise from the ICT industry.
Some experts have been placed on the reserve list to serve in a personal capacity as members of the ENISA Advisory Group. Armin Babaei, Adrien Becue, Vilius Benetis, Abdou Naby Diaw, Johannes Dohren, Sergej Epp, and Yalcinkaya Erkan are all listed with expertise in the ICT industry and the NIS sector. Ange Ferrari and Bruno Halopeau are also listed for their background in the ICT industry and the NIS sector. Mathis Hammel, Marcus Klische, Matteo Lucchetti, Felice Maccaro, Massimiliano Masi, Alessandro Menna, and Milen Miletiev bring the same sectoral expertise.
Tobias Nitzsche, Nikolaos Peppas, Juergen Pfannenstein, Roger Riera, and Thomas Stubbings are likewise recognized for their experience in the ICT industry and NIS sector. Sebastiaan Van ‘t Erve is listed as representing the consumer category.
The non-renumerated role of the Advisory Group is to advise ENISA concerning the performance of the Agency’s tasks, except the cybersecurity certification framework. The group shall specifically ensure communication with the relevant stakeholders on issues related to ENISA’s annual work programme. The group is also expected to advise the Executive Director on the drawing up of a proposal for the annual work programme of the Agency. The Advisory Group may also publish opinion papers about these tasks as part of their advice.
The call for members was intended for nationals of the Member States of the European Union and nationals from the European Free Trade Association (EFTA countries). Experts were selected for the skills and work experience of particular relevance for ENISA to deliver on the priorities set in its multi-annual work programme. In particular, this includes the implementation of the NIS2 Directive and the Cyber Resilience Act.
ENISA has also nominated representatives from key organizations that work closely with the Agency in carrying out its mandate. These include the Body of European Regulators for Electronic Communications, the European Committee for Standardization and the European Committee for Electrotechnical Standardization, the European Telecommunications Standards Institute, and the European Union Agency for Law Enforcement Cooperation.
Representatives were also nominated from the European Data Protection Board, the Computer Emergency Response Team for EU institutions, bodies, and agencies, and the European Cybersecurity Competence Centre.
In May, the ENISA released a comprehensive handbook to guide national and sectoral authorities in overseeing the cybersecurity and resilience of critical infrastructure under the NIS2 Directive. Designed for use at the national, regional, and EU levels, the Handbook for Cyber Stress Testing provides a structured approach to assessing the cybersecurity and resilience of critical sector entities. It may also serve as a valuable resource for supervisory bodies operating under related regulations, such as the Digital Operational Resilience Act (DORA) and the Critical Entities Resilience (CER) directive.
