ENISA , the EU’s Cybersecurity Agency, is pushing to become a top-level root CVE Numbering Authority (TL-Root CNA) as part of its aim to strengthen its role in the CVE program, according to Infosecurity Magazine. The agency is currently being onboarded by the US Cybersecurity and Infrastructure Security Agency (CISA) to join MITRE and CISA as TL-Root CNA holders, with a stated goal of achieving this status in 2026 or early 2027.
ENISA became a CVE Numbering Authority in 2024 and then a root CNA in 2025, and it envisions onboarding new CNAs across Europe, including national CERTs and CSIRTs, to expand its European footprint. The CVE Program, which has 502 CNAs, of which 83 are Europe-based, would see ENISA added to the programme’s Board if TL-Root CNA status is granted, according to the article.
ENISA’s leadership emphasised that the onus is on maturing services and growing the team to adequately represent EU interests, with vacancies being advertised.