Source: OJ L, 2024/2690, 18.10.2024
ENRecital 4 Principle of proportionality
As regards the implementation and application of the technical and the methodological requirements of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; risk-management measures set out in the Annex to this Regulation, in line with the principle of proportionality, due account should be taken of the divergent risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; exposure of relevant entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;, such as the criticality of the relevant entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;, the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; to which it is exposed, the relevant entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;’s size and structure as well as the likelihood of occurrence of incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; and their severity, including their societal and economic impact, when complying with the technical and methodological requirements of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; risk-management measures set out in the Annex to this Regulation.