Art. 18 Report on the state of cybersecurity in the Union | NIS 2 directive |

1. ENISA shall adopt, in cooperation with the Commission and the Cooperation Group means a group as defined in Article 2, point (11), of Directive 2013/34/EU;, a biennial report on the state of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; in the Union and shall submit and present that report to the European Parliament. The report shall, inter alia, be made available in machine-readable data and include the following:
  1. a Union-level cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; assessment, taking account of the cyber threat means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; landscape;
  2. an assessment of the development of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; capabilities in the public and private sectors across the Union;
  3. an assessment of the general level of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; awareness and cyber hygiene among citizens and entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;, including small and medium-sized enterprises means a financial entity that is not a small enterprise and employs fewer than 250 persons and has an annual turnover that does not exceed EUR 50 million and/or an annual balance sheet that does not exceed EUR 43 million;;
  4. an aggregated assessment of the outcome of the peer reviews referred to in Article 19;
  5. an aggregated assessment of the level of maturity of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; capabilities and resources across the Union, including those at sector level, as well as of the extent to which the Member States’ national cybersecurity strategies means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881;are aligned.
1. The report shall include particular policy recommendations, with a view to addressing shortcomings and increasing the level of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; across the Union, and a summary of the findings for the particular period from the EU Cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; Technical Situation Reports on incidents means an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems; and cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; prepared by ENISA in accordance with Article 7(6) of Regulation (EU) 2019/881.
1. ENISA, in cooperation with the Commission, the Cooperation Group means a group as defined in Article 2, point (11), of Directive 2013/34/EU; and the CSIRTscomputer security incident response teams network, shall develop the methodology, including the relevant variables, such as quantitative and qualitative indicators, of the aggregated assessment referred to in paragraph 1, point (e).