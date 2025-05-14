The European Union Agency for Cybersecurity (Enisa) has debuted a European Union Vulnerability Database (EUVD) to provide “aggregated, reliable and actionable” information on newly disclosed cyber security vulnerabilities in IT products and services.

The EUVD, which is mandated by the NIS2 Directive, is designed to gather publicly available information from sources such as EU member state national computer security incident response teams (CSIRTs), industry threat researchers, and other vulnerability databases, including Mitre’s CVE Program.

Enisa said that to meet this goal, it has constructed its platform on a holistic approach as an interconnected database that it believes will allow for better analysis and help the community correlate vulnerabilities. It said this would ultimately make it a more trustworthy, transparent and broader information source.

“The EU Vulnerability Database is a major step towards reinforcing Europe’s security and resilience,” said Henna Virkkunen, European Commission executive vice-president for tech sovereignty, security and democracy.

“By bringing together vulnerability information relevant to the EU market, we are raising cyber security standards, enabling both private and public sector stakeholders to better protect our shared digital spaces with greater efficiency and autonomy.”

Enisa executive director Juhan Lepassaar added: “Enisa achieves a milestone with the implementation of the vulnerability database requirement from the NIS2 Directive. The EU is now equipped with an essential tool designed to substantially improve the management of vulnerabilities and the risks associated with them.

“The database ensures transparency to all users of the affected ICT products and services and will stand as an efficient source of information to find mitigation measures.”