My favourites

Chapter II – Coordinated Cybersecurity frameworks (Art. 7-13)

Art. 7 NIS2 - National cybersecurity strategy arrow_right_alt

Art. 8 NIS2 - Competent authorities and single points of contact arrow_right_alt

  1. Each Member State shall designate or establish one or more competent authorities responsible for cybersecurity and for the supervisory tasks referred to in Chapter VII (competent authorities).
  2. The competent authorities referred to in paragraph 1 shall monitor the implementation of this Directive at national level.
  3. Each Member State shall designate or establish a single point of contact. Where a Member State designates or establishes only one competent authority pursuant to paragraph 1, that competent authority shall also be the single point of contact for that Member State.
  4. Each single point of contact shall exercise a liaison function to ensure cross-border cooperation of its Member State’s authorities with the relevant authorities of other Member States, and, where appropriate, with the Commission and ENISA, as well as to ensure cross-sectoral cooperation with other competent authorities within its Member State.
  5. Member States shall ensure that their competent authorities and single points of contact have adequate resources to carry out, in an effective and efficient manner, the tasks assigned to them and thereby to fulfil the objectives of this Directive.
  6. Each Member State shall notify the Commission without undue delay of the identity of the competent authority referred to in paragraph 1 and of the single point of contact referred to in paragraph 3, of the tasks of those authorities, and of any subsequent changes thereto. Each Member State shall make public the identity of its competent authority. The Commission shall make a list of the single points of contact publicly available.
Related
Close tabsclose
  • 38
  • 39
  • 40

Recital 38

In view of the differences in national governance structures and in order to safeguard already existing sectoral arrangements or Union supervisory and regulatory bodies, Member States should be able to designate or establish one or more competent authorities responsible for cybersecurity and for the supervisory tasks under this Directive.

Recital 39

In order to facilitate cross-border cooperation and communication among authorities and to enable this Directive to be implemented effectively, it is necessary for each Member State to designate a single point of contact responsible for coordinating issues related to the security of network and information systems and cross-border cooperation at Union level.

Recital 40

The single points of contact should ensure effective cross-border cooperation with relevant authorities of other Member States and, where appropriate, with the Commission and ENISA. The single points of contact should therefore be tasked with forwarding notifications of significant incidents with cross-border impact to the single points of contact of other affected Member States upon the request of the CSIRT or the competent authority. At national level, the single points of contact should enable smooth cross-sectoral cooperation with other competent authorities. The single points of contact could also be the addressees of relevant information about incidents concerning financial entities from the competent authorities under Regulation (EU) 2022/2554 which they should be able to forward, as appropriate, to the CSIRTs or the competent authorities under this Directive.

Art. 9 NIS2 - National cyber crisis management frameworks arrow_right_alt

Art. 10 NIS2 - Computer security incident response teams (CSIRTs) arrow_right_alt

Art. 11 NIS2 - Requirements, technical capabilities and tasks of CSIRTs arrow_right_alt

Art. 12 NIS2 - Coordinated vulnerability disclosure and a European vulnerability database arrow_right_alt

Art. 13 NIS2 - Cooperation at national level arrow_right_alt