Source: OJ L 333, 27.12.2022, p. 80–152
ENRecital 69 Large-scale cybersecurity incidents
In accordance with the Annex to Recommendation (EU) 2017/1584, a large-scale cybersecurity incident means an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States; should mean an incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States. Depending on their cause and impact, large-scale cybersecurity incidents means an incident which causes a level of disruption that exceeds a Member State’s capacity to respond to it or which has a significant impact on at least two Member States; may escalate and turn into fully-fledged crises not allowing the proper functioning of the internal market or posing serious public security and safety risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; for entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; or citizens in several Member States or the Union as a whole. Given the wide-ranging scope and, in most cases, the cross-border nature of such incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;, Member States and the relevant Union institutions, bodies, offices and agencies should cooperate at technical, operational and political level to properly coordinate the response across the Union.