Source: OJ L 333, 27.12.2022, p. 80–152

Current language: EN

Article 1 Subject matter


Summary What does Article 1 of the NIS2 Directive say?

This is the foundational article of the Directive, setting out its overarching purpose and providing a structured overview of what it contains.

The core objective is to achieve a high common level of cybersecurity across the EU in order to improve the functioning of the internal market.

It then maps out the four main pillars through which this is pursued: governance obligations on Member States, risk management and reporting obligations on in-scope entities, information sharing rules, and supervisory and enforcement requirements.

Important points:

  • Member States are required to adopt national cybersecurity strategies and establish the necessary authorities and response teams to operationalise them.
  • Entities listed in Annex I or II, as well as critical entities under Directive (EU) 2022/2557, must comply with cybersecurity risk-management measures and reporting obligations.
  • Member States carry supervisory and enforcement obligations to ensure compliance with the Directive.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. This Directive lays down measures that aim to achieve a high common level of cybersecurity across the Union, with a view to improving the functioning of the internal market.

    1. To that end, this Directive lays down:

      1. obligations that require Member States to adopt national cybersecurity strategies and to designate or establish competent authorities, cyber crisis management authorities, single points of contact on cybersecurity (single points of contact) and computer security incident response teams (CSIRTs);

      2. cybersecurity risk-management measures and reporting obligations for entities of a type referred to in Annex I or II as well as for entities identified as critical entities under Directive (EU) 2022/2557;

      3. rules and obligations on cybersecurity information sharing;

      4. supervisory and enforcement obligations on Member States.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod