My favourites

Chapter VII – Supervision and enforcement (Art. 31-37)

Art. 31 NIS2 - General aspects concerning supervision and enforcement arrow_right_alt

Art. 32 NIS2 - Supervisory and enforcement measures in relation to essential entities arrow_right_alt

Art. 33 NIS2 - Supervisory and enforcement measures in relation to important entities arrow_right_alt

Art. 34 NIS2 - General conditions for imposing administrative fines on essential and important entities arrow_right_alt

Art. 35 NIS2 - Infringements entailing a personal data breach arrow_right_alt

  1. Where the competent authorities become aware in the course of supervision or enforcement that the infringement by an essential or important entity of the obligations laid down in Articles 21 and 23 of this Directive can entail a personal data breach, as defined in Article 4, point (12), of Regulation (EU) 2016/679 which is to be notified pursuant to Article 33 of that Regulation, they shall, without undue delay, inform the supervisory authorities as referred to in Article 55 or 56 of that Regulation.
  2. Where the supervisory authorities as referred to in Article 55 or 56 of Regulation (EU) 2016/679 impose an administrative fine pursuant to Article 58(2), point (i), of that Regulation, the competent authorities shall not impose an administrative fine pursuant to Article 34 of this Directive for an infringement referred to in paragraph 1 of this Article arising from the same conduct as that which was the subject of the administrative fine under Article 58(2), point (i), of Regulation (EU) 2016/679. The competent authorities may, however, impose the enforcement measures provided for in Article 32(4), points (a) to (h), Article 32(5) and Article 33(4), points (a) to (g), of this Directive.
  3. Where the supervisory authority competent pursuant to Regulation (EU) 2016/679 is established in another Member State than the competent authority, the competent authority shall inform the supervisory authority established in its own Member State of the potential data breach referred to in paragraph 1.
Related
Close tabsclose
  • 136

Recital 136

This Directive should establish cooperation rules between the competent authorities and the supervisory authorities under Regulation (EU) 2016/679 to deal with infringements of this Directive related to personal data.

Art. 36 NIS2 - Penalties arrow_right_alt

Art. 37 NIS2 - Mutual assistance arrow_right_alt