Beta

Source: OJ L, 2024/2690, 18.10.2024

EN

Recital 17 Certified ICT products and services

The relevant entitiesmeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; should manage the risksmeans the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; stemming from the acquisition of ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881; or ICT servicesmeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881; from suppliers or service providers and should obtain assurance that the ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881; or ICT servicesmeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881; to be acquired achieve certain cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; protection levels, for example by European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certificates and EU statements of conformity for ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881; or ICT servicesmeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881; issued under a European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification scheme adopted pursuant to Article 49 of Regulation (EU) 2019/881 of the European Parliament and of the Council(2)Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15, ELI: http://data.europa.eu/eli/reg/2019/881/oj).. Where the relevant entitiesmeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; set out security requirements to apply to the ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881; to be acquired, they should take into account the essential cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements set out in a regulation of the European Parliament and of the Council on horizontal cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements for products with digital elements.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod