On 22 March 2022, the Commission proposed new rules to establish common cybersecurity and information security measures across the EU institutions, bodies, offices and agencies.