Beta

Source: OJ L 333, 27.12.2022, pp. 164–198

EN

Recital 13 Strategy for resilience of critical entities

With a view to ensuring a comprehensive approach to the resilience means a critical entity’s ability to prevent, protect against, respond to, resist, mitigate, absorb, accommodate and recover from an incident; of critical entities means a public or private entity which has been identified by a Member State in accordance with Article 6 as belonging to one of the categories set out in the third column of the table in the Annex;, each Member State should have in place a strategy for enhancing the resilience means a critical entity’s ability to prevent, protect against, respond to, resist, mitigate, absorb, accommodate and recover from an incident; of critical entities means a public or private entity which has been identified by a Member State in accordance with Article 6 as belonging to one of the categories set out in the third column of the table in the Annex; (the ‘strategy’). The strategy should set out the strategic objectives and policy measures to be implemented. In the interests of coherence and efficiency, the strategy should be designed to seamlessly integrate existing policies, building, wherever possible, upon relevant existing national and sectoral strategies, plans or similar documents. In order to achieve a comprehensive approach, Member States should ensure that their strategies provide for a policy framework for enhanced coordination between the competent authorities under this Directive and the competent authorities under Directive (EU) 2022/2555 in the context of information sharing on cybersecurity risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident;, cyber threats and cyber incidents means an event which has the potential to significantly disrupt, or that disrupts, the provision of an essential service, including when it affects the national systems that safeguard the rule of law; and non-cyber risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident;, threats and incidents means an event which has the potential to significantly disrupt, or that disrupts, the provision of an essential service, including when it affects the national systems that safeguard the rule of law; and in the context of the exercise of supervisory tasks. When putting in place their strategies, Member States should take due account of the hybrid nature of threats to critical entities means a public or private entity which has been identified by a Member State in accordance with Article 6 as belonging to one of the categories set out in the third column of the table in the Annex;.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod