Cyber security


The Internet has become a critical infrastructure for both businesses and individual users. Growing dependence on networked digital systems has brought with it an increase in both the variety and quantity of cyber-threats.

In addition, the different methods governing secure transactions in the various Member States of the European Union sometimes make it difficult to assess risk and to ensure adequate security.

Standards have a key role to play in protecting the Internet and the communications and business it carries.

Our Role & Activities

Our Cyber Security committee (TC CYBER) is working closely with relevant stakeholders to develop standards to increase privacy and security for organizations and citizens across Europe.

We are looking in particular at the security of infrastructures, devices, services and protocols, as well as security tools and techniques to ensure security.

We are preparing a report on protection measures for Information and Communications Technologies (ICT) in critical infrastructures, specifically power and transport, which underpin all the other critical infrastructures. This report will include resilience, Machine-to-Machine communications and eHealth.

We are also producing standards related to:

  • security assurance
  • monitoring the security of Network Functions Virtualization (NFV)
  • the protection and retention of personally identifiable information
  • security aspects of Lawful Interception (LI) and data retention interfaces
  • an LI security baseline for NFV and related platforms
  • a global cyber security ecosystem
  • platform security technology
  • the post quantum computing impact on ICT security

In addition, TC CYBER serves as a centre of expertise and offers security advice and guidance to users, manufacturers and network and infrastructure operators as well as other ETSI committees.

We also work with the Cyber Security Co-ordination Group (CSCG), an advisory body which brings ETSI together with CEN and CENELEC and various security-related European institutions.


The following is a list of the latest published ETSI standards on cyber security.

A full list of related standards in the public domain is accessible via the ETSI standards search. Via this interface you can also subscribe for alerts on updates of ETSI standards.

For work in progress see the ETSI Work Programme on the Portal.

Standard No. Standard title.
TR 103 305-1 CYBER; Critical Security Controls for Effective Cyber Defence; Part 1: The Critical Security Controls
TR 103 305-2 CYBER; Critical Security Controls for Effective Cyber Defence; Part 2: Measurement and auditing
TR 103 305-3 CYBER; Critical Security Controls for Effective Cyber Defence; Part 3: Service Sector Implementations
TR 103 305-4 CYBER; Critical Security Controls for Effective Cyber Defence; Part 4: Facilitation Mechanisms
TR 103 331 CYBER; Structured threat information sharing
TR 103 304 CYBER; Personally Identifiable Information (PII) Protection in mobile and cloud services
TR 103 369 CYBER; Design requirements ecosystem
EG 203 310 CYBER; Quantum Computing Impact on security of ICT Systems; Recommendations on Business Continuity and Algorithm Selection
TS 103 307 CYBER; Security Aspects for LI and RD Interfaces
TR 103 303 CYBER; Protection measures for ICT in the context of Critical Infrastructure
TS 103 487 CYBER; Baseline security requirements regarding sensitive functions for NFV and related platforms
TR 103 308 CYBER; Security baseline regarding LI and RD for NFV and related platforms
TR 103 306 CYBER; Global Cyber Security Ecosystem
TR 103 309 CYBER; Secure by Default - platform security technology
TR 103 305 CYBER; Critical Security Controls for Effective Cyber Defence