Beta

Source: OJ L 2024/2847, 20.11.2024

EN

Recital 67 Notification of severe incidents

Manufacturersmeans a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; should also notify any severe incident having an impact on the security of the product with digital elementsmeans an incident that negatively affects or is capable of negatively affecting the ability of a product with digital elements to protect the availability, authenticity, integrity or confidentiality of data or functions; to the CSIRT designated as coordinatormeans a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555. and ENISA. In order to ensure that users can react quickly to severe incidentsmeans an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; having an impact on the security of their products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately;, manufacturersmeans a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; should also inform their users about any such incidentmeans an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; and, where applicable, about any corrective measures that the users can deploy to mitigate the impact of the incidentmeans an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;, for example by publishing relevant information on their websites or, where the manufacturermeans a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; is able to contact the users and where justified by the cybersecurity risksmeans the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident;, by reaching out to the users directly.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod