Chapter IV – Cybersecurity risk-management measures and reporting obligations (Art. 20-25)

Art. 20 NIS2 - Governance

Art. 21 NIS2 - Cybersecurity risk-management measures

Art. 22 NIS2 - Union level coordinated security risk assessments of critical supply chains

Art. 23 NIS2 - Reporting obligations

Art. 24 NIS2 - Use of European cybersecurity certification schemes

Art. 25 NIS2 - Standardisation

  1. In order to promote the convergent implementation of Article 21(1) and (2), Member States shall, without imposing or discriminating in favour of the use of a particular type of technology, encourage the use of European and international standards and technical specifications relevant to the security of network and information systems.
  2. ENISA, in cooperation with Member States, and, where appropriate, after consulting relevant stakeholders, shall draw up advice and guidelines regarding the technical areas to be considered in relation to paragraph 1 as well as regarding already existing standards, including national standards, which would allow for those areas to be covered.

Recital 51

Member States should encourage the use of any innovative technology, including artificial intelligence, the use of which could improve the detection and prevention of cyberattacks, enabling resources to be diverted towards cyberattacks more effectively. Member States should therefore encourage in their national cybersecurity strategy activities in research and development to facilitate the use of such technologies, in particular those relating to automated or semi-automated tools in cybersecurity, and, where relevant, the sharing of data needed for training users of such technology and for improving it. The use of any innovative technology, including artificial intelligence, should comply with Union data protection law, including the data protection principles of data accuracy, data minimisation, fairness and transparency, and data security, such as state-of-the-art encryption. The requirements of data protection by design and by default laid down in Regulation (EU) 2016/679 should be fully exploited.

Recital 100

In order to safeguard the functionality and integrity of the internet and to promote the security and resilience of the DNS, relevant stakeholders including Union private-sector entities, providers of publicly available electronic communications services, in particular internet access service providers, and providers of online search engines should be encouraged to adopt a DNS resolution diversification strategy. Furthermore, Member States should encourage the development and use of a public and secure European DNS resolver service.