Art. 15 CSIRTs network | NIS 2 directive | NIS 2

1. In order to contribute to the development of confidence and trust and to promote swift and effective operational cooperation among Member States, a network of national CSIRTscomputer security incident response teams is established.
1. The CSIRTscomputer security incident response teams network shall be composed of representatives means a natural or legal person established in the Union explicitly designated to act on behalf of a DNS service provider, a TLD name registry, an entity providing domain name registration services, a cloud computing service provider, a data centre service provider, a content delivery network provider, a managed service provider, a managed security service provider, or a provider of an online marketplace, of an online search engine or of a social networking services platform that is not established in the Union, which may be addressed by a competent authority or a CSIRT in the place of the entity itself with regard to the obligations of that entity under this Directive; of the CSIRTscomputer security incident response teams designated or established pursuant to Article 10 and the computer emergency response team for the Union’s institutions, bodies and agencies (CERT-EU). The Commission shall participate in the CSIRTscomputer security incident response teams network as an observer. ENISA shall provide the secretariat and shall actively provide assistance for the cooperation among the CSIRTscomputer security incident response teams.
1. The CSIRTscomputer security incident response teams network shall have the following tasks:
  1. to exchange information about the CSIRTscomputer security incident response teams’ capabilities;
  2. to facilitate the sharing, transfer and exchange of technology and relevant measures, policies, tools, processes, best practices and frameworks among the CSIRTscomputer security incident response teams;
  3. to exchange relevant information about incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;, near misses, cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881;, risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; and vulnerabilities means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat;;
  4. to exchange information with regard to cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; publications and recommendations;
  5. to ensure interoperability with regard to information-sharing specifications and protocols;
  6. at the request of a member of the CSIRTscomputer security incident response teams network potentially affected by an incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;, to exchange and discuss information in relation to that incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; and associated cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881;, risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; and vulnerabilities means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat;;
  7. at the request of a member of the CSIRTscomputer security incident response teams network, to discuss and, where possible, implement a coordinated response to an incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; that has been identified within the jurisdiction of that Member State;
  8. to provide Member States with assistance in addressing cross-border incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; pursuant to this Directive;
  9. to cooperate, exchange best practices and provide assistance to the CSIRTs designated as coordinators means a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555. pursuant to Article 12(1) with regard to the management of the coordinated disclosure of vulnerabilities means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; which could have a significant impact on entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; in more than one Member State;
  10. to discuss and identify further forms of operational cooperation, including in relation to:
    
    categories of cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; and incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;;
    
    early warnings;
    
    mutual assistance;
    
    principles and arrangements for coordination in response to cross-border risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; and incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;;
    
    contribution to the national large-scale cybersecurity incident means an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States; and crisis response plan referred to in Article 9(4) at the request of a Member State;
  11. to inform the Cooperation Group means a group as defined in Article 2, point (11), of Directive 2013/34/EU; of its activities and of the further forms of operational cooperation discussed pursuant to point (j), and, where necessary, request guidance in that regard;
  12. to take stock of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; exercises, including those organised by ENISA;
  13. at the request of an individual CSIRT, to discuss the capabilities and preparedness of that CSIRT;
  14. to cooperate and exchange information with regional and Union-level Security Operations Centres (SOCs) in order to improve common situational awareness on incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; and cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; across the Union;
  15. where relevant, to discuss the peer-review reports referred to in Article 19(9);
  16. to provide guidelines in order to facilitate the convergence of operational practices with regard to the application of the provisions of this Article concerning operational cooperation.
1. By 17 January 2025, and every two years thereafter, the CSIRTscomputer security incident response teams network shall, for the purpose of the review referred to in Article 40, assess the progress made with regard to the operational cooperation and adopt a report. The report shall, in particular, draw up conclusions and recommendations on the basis of the outcome of the peer reviews referred to in Article 19, which are carried out in relation to the national CSIRTscomputer security incident response teams. That report shall be submitted to the Cooperation Group means a group as defined in Article 2, point (11), of Directive 2013/34/EU;.
1. The CSIRTscomputer security incident response teams network shall adopt its rules of procedure.
1. The CSIRTscomputer security incident response teams network and EU-CyCLONe shall agree on procedural arrangements and cooperate on the basis thereof.