European Banking Authority (EBA)

Climate Impact & Sustainability Data (2022, 2024, 2025-2027)

Total Carbon Emissions:584,485 tCO2e/year

Undertook an exercise to map its current climate footprint. Based on an audit of past ENISA emissions, for which 2019 and 2021 were used as reference years, it was established that ENISA creates 584 485 tCO2e of greenhouse gas (GHG) emissions annually, with indirect emissions from purchased electricity (50.33 %) and air travel (36.80 %) being the main sources of impact on climate. Based on these results, an action plan was developed, particularly in relation to the main sources of ENISA’s emissions: purchased electricity and air travel.

Welcomed 16 newcomers (7 temporary agents, 4 contract agents, 4 seconded national experts and 1 trainee).
Developed and adopted a code of conduct outlining ENISA’s expectations regarding staff members’ behaviour and conduct.
Organised the 2022 European Cybersecurity Challenge (ECSC) with expanded participation and enhancements in competition content.
Presented the European cybersecurity skills framework during the first Cybersecurity Skills Conference.

Adopted a comprehensive methodology for enterprise risk management.
Formalized its information technology security risk management methodology.
Revamped its internal control framework indicators to better monitor internal control targets and the achievement of objectives.

Medium-term Goals:

Insufficient operational reserves to absorb increased demand for urgent support services due to escalations in cybersecurity threats.
Resource constraints prevented the agency from actively supporting policy files with cybersecurity provisions.
Lack of enough staff with appropriate seniority and specific skills to support policy development.
Lack of harmonisation across the EU, resulting in a fragmented policy landscape.
Increased number of sectors and new horizontal tasks under NISD2 requiring prioritization and streamlining of resources.
Resource shortfall amounting to EUR 734,000 and two FTEs in operations, and EUR 2.5 million in corporate services.
Recruitment difficulties and the need to support the ENISA cybersecurity support action.
High workload and stress levels for staff.
Lack of resources to provide 24/7 support for incidents.

Allocated a one-off support payment of EUR 15 million to massively scale up and expand its ex ante and ex post services to Member States.
Developed an NIS strategy to streamline policy implementation work.
Developed a service-based approach to optimize service provision in support of policy development.
Developed an NIS strategy to support and reorganise its services.
Reallocated staff from across its activities to deliver the cybersecurity support action.
Developed and adopted an NIS strategy to support and reorganise its services.
Developed a service catalogue organized into service packages.
Developed and adopted a comprehensive methodology for enterprise risk management.
Revamped internal control framework indicators.
Implemented a centralised risk management approach.

Ensuring harmonized information on ESAP while minimizing burden on entities and CBs
Ensuring sufficient data quality within ESAP's mandate limitations
Addressing concerns about copyright protection for certain data types (e.g., credit ratings)
Balancing the need for timely information with the technical capabilities of CBs
Maintaining a user-friendly and efficient ESAP search function

Providing clarifications in L3 documentation
Maintaining a flexible approach to validations, allowing for adjustments as implementation progresses
Mandating Creative Commons Licence BY-NC-ND for copyright-protected data
Establishing a 60-minute maximum delay for information submission to ESAP with exceptions for exceptional circumstances
Leveraging existing size categories and industry classifications where possible, using a generic category for remaining entities

85% response rate and 72% total favourable score in 2024 Staff Engagement Survey
Increased women’s representation in decision-making positions

Significant increase in workload without additional resources
Difficulties in managing increased workload and work-life balance with capped resources
Uncertainties around fee revenue for DORA, MiCAR, and EMIR
Limited expertise in ICT supervision
Increased average staff costs