ECASEC Expert Group portal

This is the workspace for the ECASEC, the Article 40, former Article 13A Expert Group. Below you can find a history of the group and the latest versions of the Article 13a guidelines. Members of the group use this space to access dedicated tools, the reporting tool, the issue tracker, drafts under consultation, etc.


In 2009 Article 13a was introduced as part of the Telecoms Framework directive. Article 13a requires EU Member States to ensure that providers take appropriate security measures to protect the security and integrity of telecom networks and services.

In 2010, ENISA, the European Commission (EC), Ministries and Telecommunication National Regulatory Authorities (NRAs), initiated a series of meetings (workshops, conference calls) to support a harmonized implementation of Article 13a: This group has grown and matured over the years and is known as the ENISA Article 13a expert group.

A harmonized implementation of the Article 13a provisions on security measures and incident reporting, is important to allow a level playing field across the EU-wide telecom market, and to simplify compliance for telecom providers operating across national borders.

The primary objectives of the ENISA Article 13a expert group are:

  • Involve all EU member states in an open discussion about Article 13a, to discuss implementation details, share knowledge and exchange views.
  • Agree and implement a reporting scheme between ENISA, the European Commission, and the authorities for telecom security, for ad-hoc reporting about cross-border incidents and the annual summary reporting (paragraph 3 of Article 13a)
  • Support the EU member states with the national supervision of Article 13a, i.e. the national incident reporting scheme, ensuring a providers assess security risks and take the appropriate security measures (paragraphs 1 and 2 of Article 13a).
Meetings are held 3 times per year and are hosted by a different national authority each time, to spread traveling costs and time equally.
The group is chaired by a member of the group. The current chair is Warna Munzebrock, the Dutch Radiocommunications agency
ENISA supports the group with logistics, technical advise, drafting and acts as secretariat. Contact the secretariat (ENISA) at:

The detailed terms of reference of the group can be found here: Terms of reference of the Article 13a Expert Group


Article 13a guidelines

ENISA together with the Article 13a Expert Group drafted technical guidelines for authorities, about the technical implementation of Article 13a. These technical guidelines carry the consensus of all the experts in the group. Consultation with the private sector, about drafts, takes place via the national telecom security authorities. 

Article 13a basically asks providers to perform three activities: 1. assess risks, 2. take appropriate security measures, and 3. report about significant security incidents. The three processes are depicted in the triangle below. Cybersecurity supervision under the NIS Directive (Article 14/16) and under eIDAS (Article 19) is based on the same triangle.


The group adopted 3 Article 13a guidelines. The latest versions can be found at the following links: 

    • Article 13a Technical Guideline on Incident Reporting: The reporting guidelines defines an EU-wide reporting framework for telecom security incidents. It is the basis for the (current) practical implementation of cross-border and annual summary reporting.

Other publications produced by ENISA in collaboration with the Article 13a group

Every year ENISA publishes an annual report which aggregates the data about telecom security incidents reported across the EU.  The latest is the annual report telecom security incidents 2019.

Based on trends, issues, discussion with authorities, ENISA selects and dives into specific topics, typically 1-2 times per year. This often results in the publication of short technical papers on specific topics relevant for resilience and security of networks and services, such as security exceptions in the net neutrality rulesBGP security, security in signalling (SS7, Diameter), power supply dependencies, national roaming, protection of underground cables, and so on. Sometimes a deep-dive results just in an internal working paper or a technical presentation for the Article 13a group. Please use the ENISA website for a full overview of ENISA publications on telecom security.

Incident reporting tool CIRAS

To support the MS with the implementation of Article 13a cross border and annual summary reporting, ENISA developed an incident reporting tool which can be used by the national authorities.

The tool is accessible at If you are an expert working at a national telecom security authority tasked with reporting incidents and you need access, please contact us at

For the public we provide detailed information about reported incidents in the ENISA visual tool for reported incidents at the ENISA website. Data Privacy Statement for the reporting tool - CIRAS

Policy context

For easy reference, here is a link to the complete EU legal framework for electronic communications, which incorporates the 2009 reform. Article 13a can be found on page 55.

From the end of 2020 the EECC (Article 40) will replace Article 13a. The new EU telecom security rules in Article 40 of the EECC are largely a continuation of the approach under Article 13a. The EECC can be accessed here.

In 2019 ENISA published a paper that explains the main changes in security supervision under the EECC, with respect to Article 13a.

Contact us - For any questions or remarks please contact us via email to