Source: OJ L 333, 27.12.2022, p. 80–152
- High common level of cybersecurity for entities
Basic legislative acts
- NIS 2 directive
Article 1 Subject matter
This Directive lays down measures that aim to achieve a high common level of cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; across the Union, with a view to improving the functioning of the internal market.
To that end, this Directive lays down:
obligations that require Member States to adopt national cybersecurity strategiesmeans a coherent framework of a Member State providing strategic objectives and priorities in the area of cybersecurity and the governance to achieve them in that Member State; and to designate or establish competent authorities, cyber crisis management authorities, single points of contact on cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; (single points of contact) and computer security incidentmeans an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems; response teams (CSIRTs);
cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; risk-management measures and reporting obligations for entitiesmeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; of a type referred to in Annex I or II as well as for entitiesmeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; identified as critical entitiesmeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; under Directive (EU) 2022/2557;
rules and obligations on cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; information sharing;
supervisory and enforcement obligations on Member States.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.