Art. 29 Cybersecurity information-sharing arrangements | NIS 2 directive |

1. Member States shall ensure that entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; falling within the scope of this Directive and, where relevant, other entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; not falling within the scope of this Directive are able to exchange on a voluntary basis relevant cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; information among themselves, including information relating to cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881;, near misses, vulnerabilities means a weakness, susceptibility or flaw of ICT products or ICT services that can be exploited by a cyber threat;, techniques and procedures, indicators of compromise, adversarial tactics, threat-actor-specific information, cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; alerts and recommendations regarding configuration of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; tools to detect cyberattacks, where such information sharing:
  1. aims to prevent, detect, respond to or recover from incidents means an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems; or to mitigate their impact;
  2. enhances the level of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881;, in particular through raising awareness in relation to cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881;, limiting or impeding the ability of such threats to spread, supporting a range of defensive capabilities, vulnerability means a weakness, susceptibility or flaw of ICT products or ICT services that can be exploited by a cyber threat; remediation and disclosure, threat detection, containment and prevention techniques, mitigation strategies, or response and recovery stages or promoting collaborative cyber threat means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; research between public and private entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;.
1. Member States shall ensure that the exchange of information takes place within communities of essential and important entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;, and where relevant, their suppliers or service providers. Such exchange shall be implemented through cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; information-sharing arrangements in respect of the potentially sensitive nature of the information shared.
1. Member States shall facilitate the establishment of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; information-sharing arrangements referred to in paragraph 2 of this Article. Such arrangements may specify operational elements, including the use of dedicated ICT platforms and automation tools, content and conditions of the information-sharing arrangements. In laying down the details of the involvement of public authorities means any government or other public administration entity, including national central banks. in such arrangements, Member States may impose conditions on the information made available by the competent authoritiesas defined in Article 46 or the CSIRTscomputer security incident response teams. Member States shall offer assistance for the application of such arrangements in accordance with their policies referred to in Article 7(2), point (h).
1. Member States shall ensure that essential and important entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; notify the competent authoritiesas defined in Article 46 of their participation in the cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; information-sharing arrangements referred to in paragraph 2, upon entering into such arrangements, or, as applicable, of their withdrawal from such arrangements, once the withdrawal takes effect.
1. ENISA shall provide assistance for the establishment of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; information-sharing arrangements referred to in paragraph 2 by exchanging best practices and providing guidance.