Beta

Source: OJ L 2024/2847, 20.11.2024

EN

Recital 71 Sensitivity of information in notification

When manufacturers means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; notify an actively exploited vulnerability means a vulnerability for which there is reliable evidence that a malicious actor has exploited it in a system without permission of the system owner; or a severe incident having an impact on the security of the product with digital elements means an incident that negatively affects or is capable of negatively affecting the ability of a product with digital elements to protect the availability, authenticity, integrity or confidentiality of data or functions;, they should indicate how sensitive they consider the notified information to be. The CSIRT designated as coordinator means a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555. initially receiving the notification should take this information into account when assessing whether the notification gives rise to exceptional circumstances that justify a delay in the dissemination of the notification to the other relevant CSIRTs designated as coordinators means a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555. based on justified cybersecurity-related grounds. It should also take that information into account when assessing whether the notification of an actively exploited vulnerability means a vulnerability for which there is reliable evidence that a malicious actor has exploited it in a system without permission of the system owner; gives rise to particularly exceptional circumstances that justify that the full notification is not made available simultaneously to ENISA. Finally, CSIRTs designated as coordinators means a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555. should be able to take that information into account when determining appropriate measures to mitigate the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; stemming from such vulnerabilities means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; and incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod