Source: OJ L 333, 27.12.2022, p. 80–152
Article 16 European cyber crisis liaison organisation network (EU-CyCLONe)
Summary: What does Article 16 of the NIS 2 directive say?
This article formally establishes EU-CyCLONe, the European cyber crisis liaison organisation network, as the Union's operational body for coordinating the management of large-scale cybersecurity incidents and crises.
It sits alongside the Cooperation Group and the CSIRTs network as one of the key institutional pillars of the directive, and it connects directly to Article 15, which governs the CSIRTs network, with the two bodies required to cooperate on the basis of agreed procedural arrangements.
The article covers EU-CyCLONe's composition, its core tasks, its reporting obligations, and its relationship with other Union bodies.
Important points:
- EU-CyCLONe is composed of Member States' cyber crisis management authorities, with the Commission participating as a full member when a large-scale incident has or is likely to have a significant impact on services within the directive's scope, and as an observer otherwise.
- ENISA is required to provide the secretariat of EU-CyCLONe and to support secure information exchange between Member States.
- EU-CyCLONe is required to report regularly to the Cooperation Group and to submit a report to the European Parliament and to the Council by 17 July 2024 and every 18 months thereafter.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
EU-CyCLONe is established to support the coordinated management of large-scale cybersecurity incidents and crises at operational level and to ensure the regular exchange of relevant information among Member States and Union institutions, bodies, offices and agencies.
EU-CyCLONe shall be composed of the representatives of Member States’ cyber crisis management authorities as well as, in cases where a potential or ongoing large-scale cybersecurity incident has or is likely to have a significant impact on services and activities falling within the scope of this Directive, the Commission. In other cases, the Commission shall participate in the activities of EU-CyCLONe as an observer.
ENISA shall provide the secretariat of EU-CyCLONe and support the secure exchange of information as well as provide necessary tools to support cooperation between Member States ensuring secure exchange of information.
Where appropriate, EU-CyCLONe may invite representatives of relevant stakeholders to participate in its work as observers.
EU-CyCLONe shall have the following tasks:
- to increase the level of preparedness of the management of large-scale cybersecurity incidents and crises;
- to develop a shared situational awareness for large-scale cybersecurity incidents and crises;
- to assess the consequences and impact of relevant large-scale cybersecurity incidents and crises and propose possible mitigation measures;
- to coordinate the management of large-scale cybersecurity incidents and crises and support decision-making at political level in relation to such incidents and crises;
- to discuss, upon the request of a Member State concerned, national large-scale cybersecurity incident and crisis response plans referred to in Article 9(4).
EU-CyCLONe shall adopt its rules of procedure.
EU-CyCLONe shall report on a regular basis to the Cooperation Group on the management of large-scale cybersecurity incidents and crises, as well as trends, focusing in particular on their impact on essential and important entities.
EU-CyCLONe shall cooperate with the CSIRTs network on the basis of agreed procedural arrangements provided for in Article 15(6).
By 17 July 2024 and every 18 months thereafter, EU-CyCLONe shall submit to the European Parliament and to the Council a report assessing its work.
Relevant recitals
Recital 71 Role of EU-CyCLONe
EU-CyCLONe should work as an intermediary between the technical and political level during large-scale cybersecurity incidents and crises and should enhance cooperation at operational level and support decision-making at political level. In cooperation with the Commission, having regard to the Commission’s competence in the area of crisis management, EU-CyCLONe should build on the CSIRTs network findings and use its own capabilities to create impact analysis of large-scale cybersecurity incidents and crises.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
network and information system
- an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;
- any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; or
- digital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance;
Definition
DNS service provider
- publicly available recursive domain name resolution services for internet end-users; or
- authoritative domain name resolution services for third-party use, with the exception of root name servers;