Source: OJ L 333, 27.12.2022, p. 80–152
ENRecital 22 Additional sector-specific implementing acts
This Directive sets out the baseline for cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; risk-management measures and reporting obligations across the sectors that fall within its scope. In order to avoid the fragmentation of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; provisions of Union legal acts, where further sector-specific Union legal acts pertaining to cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; risk-management measures and reporting obligations are considered to be necessary to ensure a high level of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; across the Union, the Commission should assess whether such further provisions could be stipulated in an implementing act under this Directive. Should such an implementing act not be suitable for that purpose, sector-specific Union legal acts could contribute to ensuring a high level of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; across the Union, while taking full account of the specificities and complexities of the sectors concerned. To that end, this Directive does not preclude the adoption of further sector-specific Union legal acts addressing cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; risk-management measures and reporting obligations that take due account of the need for a comprehensive and consistent cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; framework. This Directive is without prejudice to the existing implementing powers that have been conferred on the Commission in a number of sectors, including transport and energy.