European Union Agency for Cybersecurity (ENISA) has officially launched the European Vulnerability Database (EUVD), a groundbreaking platform designed to enhance digital security across the EU.
Developed in accordance with the NIS2 Directive, the database is now operational and accessible to the public, aiming to aggregate, standardize, and disseminate vital information about cyber vulnerabilities affecting Information and Communication Technology (ICT) products and services.
The launch of EUVD marks a pivotal achievement in the EU’s broader strategy to reinforce cybersecurity and digital resilience.
Henna Virkkunen, European Commission Executive Vice-President for Tech Sovereignty, Security and Democracy, hailed the initiative as a “major step towards reinforcing Europe’s security and resilience.”
By consolidating vulnerability information relevant to the EU marketplace, the EUVD raises cybersecurity standards, allowing both public and private stakeholders to protect digital assets with increased efficiency and autonomy.
Juhan Lepassaar, Executive Director of ENISA, emphasized the milestone, stating, “The EU is now equipped with an essential tool designed to substantially improve the management of vulnerabilities and associated risks.
The database ensures transparency and serves as a reliable resource for finding mitigation measures for ICT vulnerabilities.”
Centralized Resource for Vulnerability
The EUVD aggregates data from diverse sources, including Computer Security Incident Response Teams (CSIRTs), ICT vendors, and established vulnerability databases like MITRE’s CVE database.
This comprehensive approach provides users with actionable details, such as mitigation advice and the current exploitation status of vulnerabilities.
The EUVD is structured with three dashboard views focusing on critical vulnerabilities, exploited vulnerabilities, and EU-coordinated vulnerabilities-facilitating rapid situational awareness and response.
The platform is designed for wide accessibility, serving IT product and service suppliers, national competent authorities, private enterprises, security researchers, and the general public.
ENISA’s coordination with EU and international organizations ensures the EUVD remains up-to-date.
Data is sourced from open databases, vendor advisories, and national CSIRT alerts, and includes descriptive information on affected products, severity, exploitation methods, and patching guidance.
EU Cybersecurity Ecosystem
According to the Report, ENISA’s role as a CVE Numbering Authority (CNA) further enables the agency to assign and manage CVE identifiers for vulnerabilities discovered or reported by EU CSIRTs, enhancing coordinated vulnerability disclosure (CVD) across member states.
This collaboration with national authorities and international partners, including MITRE and CISA, ensures that EUVD remains a trusted source for cybersecurity situational awareness.
It is important to distinguish the EUVD from the forthcoming Cyber Resilience Act (CRA) Single Reporting Platform (SRP), which will become mandatory for the notification of exploited vulnerabilities by September 2026.
While the SRP focuses on mandatory reporting by manufacturers, the EUVD, operated under the NIS2 Directive, serves as a consolidated vulnerability intelligence hub for the EU.
Looking ahead, ENISA plans to continue refining the EUVD throughout 2025, incorporating feedback from users and stakeholders.
The agency will focus on expanding functionality and building on its commitment to improving cybersecurity transparency and response capabilities across the European Union.
With the EUVD, ENISA reinforces Europe’s position at the forefront of global digital security, offering a holistic, reliable, and transparent approach to vulnerability management for the benefit of governments, industry, and citizens alike.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
