Art. 16 European cyber crisis liaison organisation network (EU-CyCLONe) | NIS 2 directive |

1. EU-CyCLONe is established to support the coordinated management of large-scale cybersecurity incidents means an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States; and crises at operational level and to ensure the regular exchange of relevant information among Member States and Union institutions, bodies, offices and agencies.
1. EU-CyCLONe shall be composed of the representatives means a natural or legal person established in the Union explicitly designated to act on behalf of a DNS service provider, a TLD name registry, an entity providing domain name registration services, a cloud computing service provider, a data centre service provider, a content delivery network provider, a managed service provider, a managed security service provider, or a provider of an online marketplace, of an online search engine or of a social networking services platform that is not established in the Union, which may be addressed by a competent authority or a CSIRT in the place of the entity itself with regard to the obligations of that entity under this Directive; it has legal personality or is entitled by law to act on behalf of another entity with legal personality; it has the power to address to natural or legal persons administrative or regulatory decisions affecting their rights in the cross-border movement of persons, goods, services or capital; it is financed, for the most part, by the State, regional authorities or by other bodies governed by public law, is subject to management supervision by those authorities or bodies, or has an administrative, managerial or supervisory board, more than half of whose members are appointed by the State, regional authorities or by other bodies governed by public law; it is established for the purpose of meeting needs in the general interest and does not have an industrial or commercial character; of Member States’ cyber crisis management authorities as well as, in cases where a potential or ongoing large-scale cybersecurity incident means an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States; has or is likely to have a significant impact on services and activities falling within the scope of this Directive, the Commission. In other cases, the Commission shall participate in the activities of EU-CyCLONe as an observer.
2. ENISA shall provide the secretariat of EU-CyCLONe and support the secure exchange of information as well as provide necessary tools to support cooperation between Member States ensuring secure exchange of information.
3. Where appropriate, EU-CyCLONe may invite representatives means a natural or legal person established in the Union explicitly designated to act on behalf of a DNS service provider, a TLD name registry, an entity providing domain name registration services, a cloud computing service provider, a data centre service provider, a content delivery network provider, a managed service provider, a managed security service provider, or a provider of an online marketplace, of an online search engine or of a social networking services platform that is not established in the Union, which may be addressed by a competent authority or a CSIRT in the place of the entity itself with regard to the obligations of that entity under this Directive; it has legal personality or is entitled by law to act on behalf of another entity with legal personality; it has the power to address to natural or legal persons administrative or regulatory decisions affecting their rights in the cross-border movement of persons, goods, services or capital; it is financed, for the most part, by the State, regional authorities or by other bodies governed by public law, is subject to management supervision by those authorities or bodies, or has an administrative, managerial or supervisory board, more than half of whose members are appointed by the State, regional authorities or by other bodies governed by public law; it is established for the purpose of meeting needs in the general interest and does not have an industrial or commercial character; of relevant stakeholders to participate in its work as observers.
1. EU-CyCLONe shall have the following tasks:
  1. to increase the level of preparedness of the management of large-scale cybersecurity incidents means an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States; and crises;
  2. to develop a shared situational awareness for large-scale cybersecurity incidents means an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States; and crises;
  3. to assess the consequences and impact of relevant large-scale cybersecurity incidents means an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States; and crises and propose possible mitigation measures;
  4. to coordinate the management of large-scale cybersecurity incidents means an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States; and crises and support decision-making at political level in relation to such incidents means an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems; and crises;
  5. to discuss, upon the request of a Member State concerned, national large-scale cybersecurity incident means an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States; and crisis response plans referred to in Article 9(4).
1. EU-CyCLONe shall adopt its rules of procedure.
1. EU-CyCLONe shall report on a regular basis to the Cooperation Group means a group as defined in Article 2, point (11), of Directive 2013/34/EU; on the management of large-scale cybersecurity incidents means an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States; and crises, as well as trends, focusing in particular on their impact on essential and important entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;.
1. EU-CyCLONe shall cooperate with the CSIRTscomputer security incident response teams network on the basis of agreed procedural arrangements provided for in Article 15(6).
1. By 17 July 2024 and every 18 months thereafter, EU-CyCLONe shall submit to the European Parliament and to the Council a report assessing its work.