Art. 24 Use of European cybersecurity certification schemes | NIS 2 directive |

1. In order to demonstrate compliance with particular requirements of Article 21, Member States may require essential and important entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; to use particular ICT products means an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881;, ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; and ICT processes, developed by the essential or important entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; or procured from third parties, that are certified under European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes adopted pursuant to Article 49 of Regulation (EU) 2019/881. Furthermore, Member States shall encourage essential and important entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; to use qualified trust services means a qualified trust service as defined in Article 3, point (17), of Regulation (EU) No 910/2014;.
1. The Commission is empowered to adopt delegated acts, in accordance with Article 38, to supplement this Directive by specifying which categories of essential and important entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; are to be required to use certain certified ICT products means an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881;, ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; and ICT processes or obtain a certificate under a European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification scheme adopted pursuant to Article 49 of Regulation (EU) 2019/881. Those delegated acts shall be adopted where insufficient levels of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; have been identified and shall include an implementation period.
2. Before adopting such delegated acts, the Commission shall carry out an impact assessment and shall carry out consultations in accordance with Article 56 of Regulation (EU) 2019/881.
1. Where no appropriate European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification scheme for the purposes of paragraph 2 of this Article is available, the Commission may, after consulting the Cooperation Group means a group as defined in Article 2, point (11), of Directive 2013/34/EU; and the European Cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; Certification Group means a group as defined in Article 2, point (11), of Directive 2013/34/EU;, request ENISA to prepare a candidate scheme pursuant to Article 48(2) of Regulation (EU) 2019/881.