Art. 37 Mutual assistance | NIS 2 directive |

1. Where an entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; provides services in more than one Member State, or provides services in one or more Member States and its network and information systems means: any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; or digital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance; an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972; are located in one or more other Member States, the competent authoritiesas defined in Article 46 of the Member States concerned shall cooperate with and assist each other as necessary. That cooperation shall entail, at least, that:
  1. the competent authoritiesas defined in Article 46 applying supervisory or enforcement measures in a Member State shall, via the single point of contact, inform and consult the competent authoritiesas defined in Article 46 in the other Member States concerned on the supervisory and enforcement measures taken;
  2. a competent authorityas defined in Article 46 may request another competent authorityas defined in Article 46 to take supervisory or enforcement measures;
  3. a competent authorityas defined in Article 46 shall, upon receipt of a substantiated request from another competent authorityas defined in Article 46, provide the other competent authorityas defined in Article 46 with mutual assistance proportionate to its own resources so that the supervisory or enforcement measures can be implemented in an effective, efficient and consistent manner.
2. The mutual assistance referred to in the first subparagraph, point (c), may cover information requests and supervisory measures, including requests to carry out on-site inspections or off-site supervision or targeted security audits. A competent authorityas defined in Article 46 to which a request for assistance is addressed shall not refuse that request unless it is established that it does not have the competence to provide the requested assistance, the requested assistance is not proportionate to the supervisory tasks of the competent authorityas defined in Article 46, or the request concerns information or entails activities which, if disclosed or carried out, would be contrary to the essential interests of the Member State’s national security, public security or defence. Before refusing such a request, the competent authorityas defined in Article 46 shall consult the other competent authoritiesas defined in Article 46 concerned as well as, upon the request of one of the Member States concerned, the Commission and ENISA.
1. Where appropriate and with common agreement, the competent authoritiesas defined in Article 46 of various Member States may carry out joint supervisory actions.