Source: OJ L 333, 27.12.2022, p. 80–152Current language: EN
- High common level of cybersecurity for entities
Basic legislative acts
- NIS 2 directive
Article 1 Subject matter
This Directive lays down measures that aim to achieve a high common level of cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; across the Union, with a view to improving the functioning of the internal market.
To that end, this Directive lays down:
obligations that require Member States to adopt national cybersecurity strategiesmeans a coherent framework of a Member State providing strategic objectives and priorities in the area of cybersecurity and the governance to achieve them in that Member State; and to designate or establish competent authorities, cyber crisis management authorities, single points of contact on cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; (single points of contact) and computer security incidentmeans an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems; response teams (CSIRTs);
cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; risk-management measures and reporting obligations for entitiesmeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; of a type referred to in Annex I or II as well as for entitiesmeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; identified as critical entitiesmeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; under Directive (EU) 2022/2557;
rules and obligations on cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; information sharing;
supervisory and enforcement obligations on Member States.
Relevant recitals
Recital 3 Cybersecurity is important
Network and information systemsmeans:an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; ordigital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance; have developed into a central feature of everyday life with the speedy digital transformation and interconnectedness of society, including in cross-border exchanges. That development has led to an expansion of the cyber threatmeans a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; landscape, bringing about new challenges, which require adapted, coordinated and innovative responses in all Member States. The number, magnitude, sophistication, frequency and impact of incidentsmeans an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems; are increasing, and present a major threat to the functioning of network and information systemsmeans:an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; ordigital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance;. As a result, incidentsmeans an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems; can impede the pursuit of economic activities in the internal market, generate financial loss, undermine user confidence and cause major damage to the Union’s economy and society. Cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; preparedness and effectiveness are therefore now more essential than ever to the proper functioning of the internal market. Moreover, cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; is a key enabler for many critical sectors to successfully embrace the digital transformation and to fully grasp the economic, social and sustainable benefits of digitalisation.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.