Recital 20 All-hazards approach of the NIS 2 directive

Directive (EU) 2022/2555 requires entities belonging to the digital infrastructure sector, which might be identified as critical entitiesmeans a public or private entity which has been identified by a Member State in accordance with Article 6 as belonging to one of the categories set out in the third column of the table in the Annex; under this Directive, to take appropriate and proportionate technical, operational and organisational measures to manage the risksmeans the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; posed to the security of network and information systems and to notify significant incidentsmeans an event which has the potential to significantly disrupt, or that disrupts, the provision of an essential service, including when it affects the national systems that safeguard the rule of law; and cyber threats. Since threats to the security of network and information systems can have different origins, Directive (EU) 2022/2555 applies an all-hazards approach that includes the resiliencemeans a critical entity’s ability to prevent, protect against, respond to, resist, mitigate, absorb, accommodate and recover from an incident; of network and information systems, as well as the physical components and environment of those systems.