Source: OJ L 333, 27.12.2022, p. 80–152Current language: EN
- High common level of cybersecurity for entities
Basic legislative acts
- NIS 2 directive
Article 14 Cooperation Group
Summary What does Article 14 of the NIS 2 directive say?
This is a notably detailed article that establishes the Cooperation Group, a key strategic body designed to foster trust and information sharing among Member States on cybersecurity matters.
Composed of Member State representatives, the Commission, and ENISA, the Group serves as the central forum for aligning national approaches to implementing the Directive.
Its mandate is broad, covering everything from guidance on transposition and vulnerability disclosure policies, to coordinated supply chain risk assessments, peer review methodology, and regular engagement with private stakeholders.
The article also connects the Cooperation Group directly to other bodies established under the Directive, namely the CSIRTs network and EU-CyCLONe, to which it provides strategic guidance, as well as to the Critical Entities Resilience Group under Directive (EU) 2022/2557, with which it must meet at least annually.
Important points:
- The Cooperation Group is composed of Member State representatives, the Commission, and ENISA, with the Commission providing the secretariat and the ability to adopt implementing acts on the Group's procedural arrangements.
- The Cooperation Group operates on biennial work programmes, established by 1 February 2024 and every two years thereafter.
- Member States are required to ensure effective, efficient and secure cooperation of their representatives within the Cooperation Group.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
In order to support and facilitate strategic cooperation and the exchange of information among Member States, as well as to strengthen trust and confidence, a Cooperation Group is established.
The Cooperation Group shall carry out its tasks on the basis of biennial work programmes referred to in paragraph 7.
The Cooperation Group shall be composed of representatives of Member States, the Commission and ENISA. The European External Action Service shall participate in the activities of the Cooperation Group as an observer. The European Supervisory Authorities (ESAs) and the competent authorities under Regulation (EU) 2022/2554 may participate in the activities of the Cooperation Group in accordance with Article 47(1) of that Regulation.
Where appropriate, the Cooperation Group may invite the European Parliament and representatives of relevant stakeholders to participate in its work.
The Commission shall provide the secretariat.
The Cooperation Group shall have the following tasks:
to provide guidance to the competent authorities in relation to the transposition and implementation of this Directive;
to provide guidance to the competent authorities in relation to the development and implementation of policies on coordinated vulnerability disclosure, as referred to in Article 7(2), point (c);
to exchange best practices and information in relation to the implementation of this Directive, including in relation to cyber threats, incidents, vulnerabilities, near misses, awareness-raising initiatives, training, exercises and skills, capacity building, standards and technical specifications as well as the identification of essential and important entities pursuant to Article 2(2), points (b) to (e);
to exchange advice and cooperate with the Commission on emerging cybersecurity policy initiatives and the overall consistency of sector-specific cybersecurity requirements;
to exchange advice and cooperate with the Commission on draft delegated or implementing acts adopted pursuant to this Directive;
to exchange best practices and information with relevant Union institutions, bodies, offices and agencies;
to exchange views on the implementation of sector-specific Union legal acts that contain provisions on cybersecurity;
where relevant, to discuss reports on the peer review referred to in Article 19(9) and draw up conclusions and recommendations;
to carry out coordinated security risk assessments of critical supply chains in accordance with Article 22(1);
to discuss cases of mutual assistance, including experiences and results from cross-border joint supervisory actions as referred to in Article 37;
upon the request of one or more Member States concerned, to discuss specific requests for mutual assistance as referred to in Article 37;
to provide strategic guidance to the CSIRTs network and EU-CyCLONe on specific emerging issues;
to exchange views on the policy on follow-up actions following large-scale cybersecurity incidents and crises on the basis of lessons learned of the CSIRTs network and EU-CyCLONe;
to contribute to cybersecurity capabilities across the Union by facilitating the exchange of national officials through a capacity building programme involving staff from the competent authorities or the CSIRTs;
to organise regular joint meetings with relevant private stakeholders from across the Union to discuss activities carried out by the Cooperation Group and gather input on emerging policy challenges;
to discuss the work undertaken in relation to cybersecurity exercises, including the work done by ENISA;
to establish the methodology and organisational aspects of the peer reviews referred to in Article 19(1), as well as to lay down the self-assessment methodology for Member States in accordance with Article 19(5), with the assistance of the Commission and ENISA, and, in cooperation with the Commission and ENISA, to develop codes of conduct underpinning the working methods of designated cybersecurity experts in accordance with Article 19(6);
to prepare reports for the purpose of the review referred to in Article 40 on the experience gained at a strategic level and from peer reviews;
to discuss and carry out on a regular basis an assessment of the state of play of cyber threats or incidents, such as ransomware.
The Cooperation Group shall submit the reports referred to in the first subparagraph, point (r), to the Commission, to the European Parliament and to the Council.
Member States shall ensure effective, efficient and secure cooperation of their representatives in the Cooperation Group.
The Cooperation Group may request from the CSIRTs network a technical report on selected topics.
By 1 February 2024 and every two years thereafter, the Cooperation Group shall establish a work programme in respect of actions to be undertaken to implement its objectives and tasks.
The Commission may adopt implementing acts laying down procedural arrangements necessary for the functioning of the Cooperation Group.
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
The Commission shall exchange advice and cooperate with the Cooperation Group on the draft implementing acts referred to in the first subparagraph of this paragraph in accordance with paragraph (4), point (e).
The Cooperation Group shall meet on a regular basis and in any event at least once a year with the Critical Entities Resilience Group established under Directive (EU) 2022/2557 to promote and facilitate strategic cooperation and the exchange of information.
Relevant recitals
Recital 64 The Cooperation Group
The Cooperation Group should support and facilitate strategic cooperation and the exchange of information, as well as strengthen trust and confidence among Member States. The Cooperation Group should establish a work programme every two years. The work programme should include the actions to be undertaken by the Cooperation Group to implement its objectives and tasks. The timeframe for the establishment of the first work programme under this Directive should be aligned with the timeframe of the last work programme established under Directive (EU) 2016/1148 in order to avoid potential disruptions in the work of the Cooperation Group.
Recital 65 Guidance from the Cooperation Group
When developing guidance documents, the Cooperation Group should consistently map national solutions and experiences, assess the impact of Cooperation Group deliverables on national approaches, discuss implementation challenges and formulate specific recommendations, in particular as regards facilitating an alignment of the transposition of this Directive among Member States, to be addressed through a better implementation of existing rules. The Cooperation Group could also map the national solutions in order to promote compatibility of cybersecurity solutions applied to each specific sector across the Union. This is particularly relevant to sectors that have an international or cross-border nature.
Recital 66 Ways of working for the Cooperation Group
The Cooperation Group should remain a flexible forum and be able to react to changing and new policy priorities and challenges while taking into account the availability of resources. It could organise regular joint meetings with relevant private stakeholders from across the Union to discuss activities carried out by the Cooperation Group and gather data and input on emerging policy challenges. Additionally, the Cooperation Group should carry out a regular assessment of the state of play of cyber threats or incidents, such as ransomware. In order to enhance cooperation at Union level, the Cooperation Group should consider inviting relevant Union institutions, bodies, offices and agencies involved in cybersecurity policy, such as the European Parliament, Europol, the European Data Protection Board, the European Union Aviation Safety Agency, established by Regulation (EU) 2018/1139, and the European Union Agency for Space Programme, established by Regulation (EU) 2021/696 of the European Parliament and the Council(14), to participate in its work.
Recital 134 Cooperation and assistance via the Cooperation Group
For the purpose of ensuring entities’ compliance with their obligations laid down in this Directive, Member States should cooperate with and assist each other with regard to supervisory and enforcement measures, in particular where an entity provides services in more than one Member State or where its network and information systems are located in a Member State other than that where it provides services. When providing assistance, the requested competent authority should take supervisory or enforcement measures in accordance with national law. In order to ensure the smooth functioning of mutual assistance under this Directive, the competent authorities should use the Cooperation Group as a forum to discuss cases and particular requests for assistance.
Recital 139 Implementing acts on the Cooperation Group, measures and reporting
In order to ensure uniform conditions for the implementation of this Directive, implementing powers should be conferred on the Commission to lay down the procedural arrangements necessary for the functioning of the Cooperation Group and the technical and methodological as well as sectoral requirements concerning the cybersecurity risk-management measures, and to further specify the type of information, the format and the procedure of incident, cyber threat and near miss notifications and of significant cyber threat communications, as well as cases in which an incident is to be considered to be significant. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council(23).
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
significant cyber threat
Definition
incident
Definition
risk
Definition
social networking services platform
Definition
online search engine
Definition
ICT product
Definition
standard
Definition
large-scale cybersecurity incident
Definition
representative
Definition
network and information system
- an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;
- any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; or
- digital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance;
Definition
managed security service provider
Definition
content delivery network
Definition
ICT service
Definition
cyber threat
Definition
entity providing domain name registration services
Definition
TLD name registry
Definition
managed service provider
Definition
DNS service provider
- publicly available recursive domain name resolution services for internet end-users; or
- authoritative domain name resolution services for third-party use, with the exception of root name servers;
Definition
data centre service
Definition
entity
Definition
cybersecurity
Definition
vulnerability
Definition
digital service
Definition
online marketplace
Definition
near miss
Definition
cloud computing service
Definition
technical specification
Footnote 23
Footnote 14