Source: OJ L, 2026/881, 20.4.2026

Current language: EN

Article 4 Terms and conditions for applying cybersecurity-related grounds in relation to a specific CSIRT

  1. The CSIRT initially receiving the notificationmeans the CSIRT designated as coordinator initially receiving the notification in accordance with Article 14(1) and (3) and Article 15(1) and (2) of Regulation (EU) 2024/2847; may decide to delay for a period of time that is strictly necessary the dissemination of notifications or parts thereof to a specific relevant CSIRTmeans the CSIRT designated as coordinator on the territory of which the manufacturer has indicated that the product with digital elements has been made available. in cases where:

    1. the relevant CSIRTmeans the CSIRT designated as coordinator on the territory of which the manufacturer has indicated that the product with digital elements has been made available. has been affected by a cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; incidentmeans an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; casting doubt on its ability to ensure the confidentiality of the notified information;

    2. it has sufficient reason to believe that the capabilities of the relevant CSIRTmeans the CSIRT designated as coordinator on the territory of which the manufacturer has indicated that the product with digital elements has been made available. are inadequate to ensure the confidentiality of the notified information.

  2. In cases referred to in point (a) of the first subparagraph, the CSIRT initially receiving the notificationmeans the CSIRT designated as coordinator initially receiving the notification in accordance with Article 14(1) and (3) and Article 15(1) and (2) of Regulation (EU) 2024/2847; may delay the dissemination until the relevant CSIRTmeans the CSIRT designated as coordinator on the territory of which the manufacturer has indicated that the product with digital elements has been made available. has informed the CSIRTs Network referred to in Article 15 of Directive (EU) 2022/2555 that its ability to ensure the confidentiality of notifications has been restored.

  3. In cases referred to in point (b) of the first subparagraph, the CSIRT initially receiving the notificationmeans the CSIRT designated as coordinator initially receiving the notification in accordance with Article 14(1) and (3) and Article 15(1) and (2) of Regulation (EU) 2024/2847; may delay the dissemination to the relevant CSIRTmeans the CSIRT designated as coordinator on the territory of which the manufacturer has indicated that the product with digital elements has been made available. until that CSIRT has provided evidence that it has addressed the shortcomings identified.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod