(c&p from the EC Consultation's page)
The European Network and Information Security Agency was established in 2004 for a period of five years, as a means of contributing to the goals of ensuring a high and effective level of network and information security within the Community and developing a culture of network and information security for the benefit of EU citizens, consumers, enterprises and administrations. In June 2007, the Commission issued a Communication on the evaluation of ENISA which included an appraisal of an evaluation conducted by an external group of experts. The evaluation report identified a number of problems, but also indicated certain positive aspects of the Agency's achievements in the light of the limited means at its disposal. The Commission responded to the concerns identified by proposing a Regulation establishing a European Electronic Market Communications Authority to replace the European Regulators Group and to take over responsibility for ENISA's activities after the expiry of its mandate.
Since the ENISA Regulation would have expired on 13 March 2009, the Commission, in order to ensure continuity, proposed an interim measure to extend its duration. In September 2008, the European Parliament and the Council adopted the Regulation extending ENISA's mandate 'à l'identique' with three years till March 2012 (NOTE: related to Telecom Package; was voted the same day in the European Parliament)
On that occasion, the European Parliament and the Council, called for 'further discussion on the future of ENISA and on the general direction of the European efforts towards an increased network and information security'. The Commission has been requested to contribute to this discussion.