Beta

Source: OJ L 333, 27.12.2022, p. 1–79

EN

Recital 15 Inconsistencies in NIS addressed by NIS2

Directive (EU) 2016/1148 of the European Parliament and of the Council(7)Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1). was the first horizontal cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; framework enacted at Union level, applying also to three types of financial entitiesas defined in Article 2, points (a) to (t), namely credit institutions means a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013 of the European Parliament and of the Council (^32^); Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1)., trading venues means a trading venue as defined in Article 4(1), point (24), of Directive 2014/65/EU; and central counterparties means a central counterparty as defined in Article 2, point (1), of Regulation (EU) No 648/2012;. However, since Directive (EU) 2016/1148 set out a mechanism of identification at national level of operators of essential services, only certain credit institutions means a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013 of the European Parliament and of the Council (^32^); Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1)., trading venues means a trading venue as defined in Article 4(1), point (24), of Directive 2014/65/EU; and central counterparties means a central counterparty as defined in Article 2, point (1), of Regulation (EU) No 648/2012; that were identified by the Member States, have been brought into its scope in practice, and hence required to comply with the ICT security and incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; notification requirements laid down in it. Directive (EU) 2022/2555 of the European Parliament and of the Council(8)Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (see page 80 of this Official Journal). sets a uniform criterion to determine the entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; falling within its scope of application (size-cap rule) while also keeping the three types of financial entitiesas defined in Article 2, points (a) to (t) in its scope.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod