ENISA Is Now a CVE Program Root

European Cybersecurity Agency Can Assign CVE IDs and Publish CVE Records Akshaya Asokan (asokan_akshaya) • November 20, 2025

The European Union Agency for Cybersecurity is poised to take on a greater role in coordinating vulnerability disclosures across the trading bloc with its elevation as a "Root"-level participant in the Common Vulnerabilities and Exposures program.

See Also: Compliance Team Guide for Evasion Prevention & Sanction Exposure Detection

Under the CVE Program, an organization recognized as a Root can assign flaws and coordinate vulnerability disclosure. "With the new responsibilities, ENISA will further enhance the EU's ability to manage and coordinate cybersecurity vulnerabilities, and improve digital security across the union" said ENISA Director Juhan Lepassaar.

ENISA will also be a central contact point for coordinating and disclosing vulnerabilities reported by or to the European Union Computer Security Incident Response Teams. The step would reduce "fragmentation, strengthen cross-border coordination ...