Beta

Source: OJ L 333, 27.12.2022, p. 80–152

EN

Article 6 Definitions

For the purposes of this Directive, the following definitions apply:

  1. network and information systemmeans:an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; ordigital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance;’ means:

    1. an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;

    2. any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; or

    3. digital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance;

  2. security of network and information systemsmeans the ability of network and information systems to resist, at a given level of confidence, any event that may compromise the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, those network and information systems;’ means the ability of network and information systemsmeans:an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; ordigital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance; to resist, at a given level of confidence, any event that may compromise the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, those network and information systemsmeans:an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; ordigital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance;;

  3. cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881;’ means cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; as defined in Article 2, point (1), of Regulation (EU) 2019/881;

  4. national cybersecurity strategymeans a coherent framework of a Member State providing strategic objectives and priorities in the area of cybersecurity and the governance to achieve them in that Member State; ’ means a coherent framework of a Member State providing strategic objectives and priorities in the area of cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; and the governance to achieve them in that Member State;

  5. near missmeans an event that could have compromised the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems, but that was successfully prevented from materialising or that did not materialise;’ means an event that could have compromised the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systemsmeans:an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; ordigital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance;, but that was successfully prevented from materialising or that did not materialise;

  6. incidentmeans an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems;’ means an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systemsmeans:an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; ordigital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance;;

  7. large-scale cybersecurity incidentmeans an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States;’ means an incidentmeans an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems; which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States;

  8. incident handlingmeans any actions and procedures aiming to prevent, detect, analyse, and contain or to respond to and recover from an incident;’ means any actions and procedures aiming to prevent, detect, analyse, and contain or to respond to and recover from an incidentmeans an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems;;

  9. riskmeans the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident;’ means the potential for loss or disruption caused by an incidentmeans an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems; and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incidentmeans an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems;;

  10. cyber threatmeans a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881;’ means a cyber threatmeans a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; as defined in Article 2, point (8), of Regulation (EU) 2019/881;

  11. significant cyber threatmeans a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage;’ means a cyber threatmeans a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systemsmeans:an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; ordigital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance; of an entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; or the users of the entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;’s services by causing considerable material or non-material damage;

  12. ICT productmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881;’ means an ICT productmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881; as defined in Article 2, point (12), of Regulation (EU) 2019/881;

  13. ICT servicemeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881;’ means an ICT servicemeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881; as defined in Article 2, point (13), of Regulation (EU) 2019/881;

  14. ICT processmeans an ICT process as defined in Article 2, point (14), of Regulation (EU) 2019/881;’ means an ICT processmeans an ICT process as defined in Article 2, point (14), of Regulation (EU) 2019/881; as defined in Article 2, point (14), of Regulation (EU) 2019/881;

  15. vulnerabilitymeans a weakness, susceptibility or flaw of ICT products or ICT services that can be exploited by a cyber threat;’ means a weakness, susceptibility or flaw of ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881; or ICT servicesmeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881; that can be exploited by a cyber threatmeans a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881;;

  16. standardmeans a standard as defined in Article 2, point (1), of Regulation (EU) No 1025/2012 of the European Parliament and of the Council(^29^);Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation, amending Council Directives 89/686/EEC and 93/15/EEC and Directives 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council (OJ L 316, 14.11.2012, p. 12).’ means a standardmeans a standard as defined in Article 2, point (1), of Regulation (EU) No 1025/2012 of the European Parliament and of the Council(^29^);Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation, amending Council Directives 89/686/EEC and 93/15/EEC and Directives 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council (OJ L 316, 14.11.2012, p. 12). as defined in Article 2, point (1), of Regulation (EU) No 1025/2012 of the European Parliament and of the Council(29)Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation, amending Council Directives 89/686/EEC and 93/15/EEC and Directives 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council (OJ L 316, 14.11.2012, p. 12).;

  17. technical specificationmeans a technical specification as defined in Article 2, point (4), of Regulation (EU) No 1025/2012;’ means a technical specificationmeans a technical specification as defined in Article 2, point (4), of Regulation (EU) No 1025/2012; as defined in Article 2, point (4), of Regulation (EU) No 1025/2012;

  18. internet exchange pointmeans a network facility which enables the interconnection of more than two independent networks (autonomous systems), primarily for the purpose of facilitating the exchange of internet traffic, which provides interconnection only for autonomous systems and which neither requires the internet traffic passing between any pair of participating autonomous systems to pass through any third autonomous system nor alters or otherwise interferes with such traffic;’ means a network facility which enables the interconnection of more than two independent networks (autonomous systems), primarily for the purpose of facilitating the exchange of internet traffic, which provides interconnection only for autonomous systems and which neither requires the internet traffic passing between any pair of participating autonomous systems to pass through any third autonomous system nor alters or otherwise interferes with such traffic;

  19. domain name systemor ‘DNS’ means a hierarchical distributed naming system which enables the identification of internet services and resources, allowing end-user devices to use internet routing and connectivity services to reach those services and resources;’ or ‘DNS’ means a hierarchical distributed naming system which enables the identification of internet services and resources, allowing end-user devices to use internet routing and connectivity services to reach those services and resources;

  20. DNS service providermeans an entity that provides:publicly available recursive domain name resolution services for internet end-users; orauthoritative domain name resolution services for third-party use, with the exception of root name servers;’ means an entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; that provides:

    1. publicly available recursive domain name resolution services for internet end-users; or

    2. authoritative domain name resolution services for third-party use, with the exception of root name servers;

  21. top-level domain name registryor ‘TLD name registry’ means an entity which has been delegated a specific TLD and is responsible for administering the TLD including the registration of domain names under the TLD and the technical operation of the TLD, including the operation of its name servers, the maintenance of its databases and the distribution of TLD zone files across name servers, irrespective of whether any of those operations are carried out by the entity itself or are outsourced, but excluding situations where TLD names are used by a registry only for its own use;’ or ‘TLD name registry’ means an entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; which has been delegated a specific TLD and is responsible for administering the TLD including the registration of domain names under the TLD and the technical operation of the TLD, including the operation of its name servers, the maintenance of its databases and the distribution of TLD zone files across name servers, irrespective of whether any of those operations are carried out by the entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; itself or are outsourced, but excluding situations where TLD names are used by a registry only for its own use;

  22. entity providing domain name registration servicesmeans a registrar or an agent acting on behalf of registrars, such as a privacy or proxy registration service provider or reseller;’ means a registrar or an agent acting on behalf of registrars, such as a privacy or proxy registration service provider or reseller;

  23. digital servicemeans a service as defined in Article 1(1), point (b), of Directive (EU) 2015/1535 of the European Parliament and of the Council(^30^);Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services (OJ L 241, 17.9.2015, p. 1).’ means a service as defined in Article 1(1), point (b), of Directive (EU) 2015/1535 of the European Parliament and of the Council(30)Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services (OJ L 241, 17.9.2015, p. 1).;

  24. trust servicemeans a trust service as defined in Article 3, point (16), of Regulation (EU) No 910/2014;’ means a trust servicemeans a trust service as defined in Article 3, point (16), of Regulation (EU) No 910/2014; as defined in Article 3, point (16), of Regulation (EU) No 910/2014;

  25. trust service providermeans a trust service provider as defined in Article 3, point (19), of Regulation (EU) No 910/2014;’ means a trust service providermeans a trust service provider as defined in Article 3, point (19), of Regulation (EU) No 910/2014; as defined in Article 3, point (19), of Regulation (EU) No 910/2014;

  26. qualified trust servicemeans a qualified trust service as defined in Article 3, point (17), of Regulation (EU) No 910/2014;’ means a qualified trust servicemeans a qualified trust service as defined in Article 3, point (17), of Regulation (EU) No 910/2014; as defined in Article 3, point (17), of Regulation (EU) No 910/2014;

  27. qualified trust service providermeans a qualified trust service provider as defined in Article 3, point (20), of Regulation (EU) No 910/2014;’ means a qualified trust service providermeans a qualified trust service provider as defined in Article 3, point (20), of Regulation (EU) No 910/2014; as defined in Article 3, point (20), of Regulation (EU) No 910/2014;

  28. online marketplacemeans an online marketplace as defined in Article 2, point (n), of Directive 2005/29/EC of the European Parliament and of the Council(^31^);’ means an online marketplacemeans an online marketplace as defined in Article 2, point (n), of Directive 2005/29/EC of the European Parliament and of the Council(^31^); as defined in Article 2, point (n), of Directive 2005/29/EC of the European Parliament and of the Council(31)Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’) (OJ L 149, 11.6.2005, p. 22).;

  29. online search enginemeans an online search engine as defined in Article 2, point (5), of Regulation (EU) 2019/1150 of the European Parliament and of the Council(^32^);Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on promoting fairness and transparency for business users of online intermediation services (OJ L 186, 11.7.2019, p. 57).’ means an online search enginemeans an online search engine as defined in Article 2, point (5), of Regulation (EU) 2019/1150 of the European Parliament and of the Council(^32^);Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on promoting fairness and transparency for business users of online intermediation services (OJ L 186, 11.7.2019, p. 57). as defined in Article 2, point (5), of Regulation (EU) 2019/1150 of the European Parliament and of the Council(32)Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on promoting fairness and transparency for business users of online intermediation services (OJ L 186, 11.7.2019, p. 57).;

  30. cloud computing servicemeans a digital service that enables on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resources, including where such resources are distributed across several locations;’ means a digital servicemeans a service as defined in Article 1(1), point (b), of Directive (EU) 2015/1535 of the European Parliament and of the Council(^30^);Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services (OJ L 241, 17.9.2015, p. 1). that enables on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resources, including where such resources are distributed across several locations;

  31. data centre servicemeans a service that encompasses structures, or groups of structures, dedicated to the centralised accommodation, interconnection and operation of IT and network equipment providing data storage, processing and transport services together with all the facilities and infrastructures for power distribution and environmental control;’ means a service that encompasses structures, or groups of structures, dedicated to the centralised accommodation, interconnection and operation of IT and network equipment providing data storage, processing and transport services together with all the facilities and infrastructures for power distribution and environmental control;

  32. content delivery networkmeans a network of geographically distributed servers for the purpose of ensuring high availability, accessibility or fast delivery of digital content and services to internet users on behalf of content and service providers;’ means a network of geographically distributed servers for the purpose of ensuring high availability, accessibility or fast delivery of digital content and services to internet users on behalf of content and service providers;

  33. social networking services platformmeans a platform that enables end-users to connect, share, discover and communicate with each other across multiple devices, in particular via chats, posts, videos and recommendations;’ means a platform that enables end-users to connect, share, discover and communicate with each other across multiple devices, in particular via chats, posts, videos and recommendations;

  34. representativemeans a natural or legal person established in the Union explicitly designated to act on behalf of a DNS service provider, a TLD name registry, an entity providing domain name registration services, a cloud computing service provider, a data centre service provider, a content delivery network provider, a managed service provider, a managed security service provider, or a provider of an online marketplace, of an online search engine or of a social networking services platform that is not established in the Union, which may be addressed by a competent authority or a CSIRT in the place of the entity itself with regard to the obligations of that entity under this Directive;’ means a natural or legal person established in the Union explicitly designated to act on behalf of a DNS service providermeans an entity that provides:publicly available recursive domain name resolution services for internet end-users; orauthoritative domain name resolution services for third-party use, with the exception of root name servers;, a TLD name registry, an entity providing domain name registration servicesmeans a registrar or an agent acting on behalf of registrars, such as a privacy or proxy registration service provider or reseller;, a cloud computing servicemeans a digital service that enables on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resources, including where such resources are distributed across several locations; provider, a data centre servicemeans a service that encompasses structures, or groups of structures, dedicated to the centralised accommodation, interconnection and operation of IT and network equipment providing data storage, processing and transport services together with all the facilities and infrastructures for power distribution and environmental control; provider, a content delivery networkmeans a network of geographically distributed servers for the purpose of ensuring high availability, accessibility or fast delivery of digital content and services to internet users on behalf of content and service providers; provider, a managed service providermeans an entity that provides services related to the installation, management, operation or maintenance of ICT products, networks, infrastructure, applications or any other network and information systems, via assistance or active administration carried out either on customers’ premises or remotely;, a managed security service providermeans a managed service provider that carries out or provides assistance for activities relating to cybersecurity risk management;, or a provider of an online marketplacemeans an online marketplace as defined in Article 2, point (n), of Directive 2005/29/EC of the European Parliament and of the Council(^31^);, of an online search enginemeans an online search engine as defined in Article 2, point (5), of Regulation (EU) 2019/1150 of the European Parliament and of the Council(^32^);Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on promoting fairness and transparency for business users of online intermediation services (OJ L 186, 11.7.2019, p. 57). or of a social networking services platformmeans a platform that enables end-users to connect, share, discover and communicate with each other across multiple devices, in particular via chats, posts, videos and recommendations; that is not established in the Union, which may be addressed by a competent authority or a CSIRT in the place of the entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; itself with regard to the obligations of that entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; under this Directive;

  35. public administration entitymeans an entity recognised as such in a Member State in accordance with national law, not including the judiciary, parliaments or central banks, which complies with the following criteria:it is established for the purpose of meeting needs in the general interest and does not have an industrial or commercial character;it has legal personality or is entitled by law to act on behalf of another entity with legal personality;it is financed, for the most part, by the State, regional authorities or by other bodies governed by public law, is subject to management supervision by those authorities or bodies, or has an administrative, managerial or supervisory board, more than half of whose members are appointed by the State, regional authorities or by other bodies governed by public law;it has the power to address to natural or legal persons administrative or regulatory decisions affecting their rights in the cross-border movement of persons, goods, services or capital;’ means an entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; recognised as such in a Member State in accordance with national law, not including the judiciary, parliaments or central banks, which complies with the following criteria:

    1. it is established for the purpose of meeting needs in the general interest and does not have an industrial or commercial character;

    2. it has legal personality or is entitled by law to act on behalf of another entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; with legal personality;

    3. it is financed, for the most part, by the State, regional authorities or by other bodies governed by public law, is subject to management supervision by those authorities or bodies, or has an administrative, managerial or supervisory board, more than half of whose members are appointed by the State, regional authorities or by other bodies governed by public law;

    4. it has the power to address to natural or legal persons administrative or regulatory decisions affecting their rights in the cross-border movement of persons, goods, services or capital;

  36. public electronic communications networkmeans a public electronic communications network as defined in Article 2, point (8), of Directive (EU) 2018/1972;’ means a public electronic communications networkmeans a public electronic communications network as defined in Article 2, point (8), of Directive (EU) 2018/1972; as defined in Article 2, point (8), of Directive (EU) 2018/1972;

  37. electronic communications servicemeans an electronic communications service as defined in Article 2, point (4), of Directive (EU) 2018/1972;’ means an electronic communications servicemeans an electronic communications service as defined in Article 2, point (4), of Directive (EU) 2018/1972; as defined in Article 2, point (4), of Directive (EU) 2018/1972;

  38. entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;’ means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;

  39. managed service providermeans an entity that provides services related to the installation, management, operation or maintenance of ICT products, networks, infrastructure, applications or any other network and information systems, via assistance or active administration carried out either on customers’ premises or remotely;’ means an entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; that provides services related to the installation, management, operation or maintenance of ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881;, networks, infrastructure, applications or any other network and information systemsmeans:an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972;any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; ordigital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance;, via assistance or active administration carried out either on customers’ premises or remotely;

  40. managed security service providermeans a managed service provider that carries out or provides assistance for activities relating to cybersecurity risk management;’ means a managed service providermeans an entity that provides services related to the installation, management, operation or maintenance of ICT products, networks, infrastructure, applications or any other network and information systems, via assistance or active administration carried out either on customers’ premises or remotely; that carries out or provides assistance for activities relating to cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; riskmeans the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; management;

  41. research organisationmeans an entity which has as its primary goal to conduct applied research or experimental development with a view to exploiting the results of that research for commercial purposes, but which does not include educational institutions.’ means an entitymeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; which has as its primary goal to conduct applied research or experimental development with a view to exploiting the results of that research for commercial purposes, but which does not include educational institutions.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod