icon-grid
Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (Text with EEA relevance)RecitalsChapter I General Provisions (arts. 1-6)Article 1 Subject matterArticle 2 ScopeArticle 3 Essential and important entitiesArticle 4 Sector-specific Union legal actsArticle 5 Minimum harmonisationArticle 6 DefinitionsChapter II Coordinated Cybersecurity Frameworks (arts. 7-13)Article 7 National cybersecurity strategyArticle 8 Competent authorities and single points of contactArticle 9 National cyber crisis management frameworksArticle 10 Computer security incident response teams (CSIRTs)Article 11 Requirements, technical capabilities and tasks of CSIRTsArticle 12 Coordinated vulnerability disclosure and a European vulnerability databaseArticle 13 Cooperation at national levelChapter III Cooperation at Union and International Level (arts. 14-19)Article 14 Cooperation GroupArticle 15 CSIRTs networkArticle 16 European cyber crisis liaison organisation network (EU-CyCLONe)Article 17 International cooperationArticle 18 Report on the state of cybersecurity in the UnionArticle 19 Peer reviewsChapter IV Cybersecurity Risk-Management Measures and Reporting Obligations (arts. 20-25)Article 20 GovernanceArticle 21 Cybersecurity risk-management measuresArticle 22 Union level coordinated security risk assessments of critical supply chainsArticle 23 Reporting obligationsArticle 24 Use of European cybersecurity certification schemesArticle 25 StandardisationChapter V Jurisdiction and Registration (arts. 26-28)Article 26 Jurisdiction and territorialityArticle 27 Registry of entitiesArticle 28 Database of domain name registration dataChapter VI Information Sharing (arts. 29-30)Article 29 Cybersecurity information-sharing arrangementsArticle 30 Voluntary notification of relevant informationChapter VII Supervision and Enforcement (arts. 31-37)Article 31 General aspects concerning supervision and enforcementArticle 32 Supervisory and enforcement measures in relation to essential entitiesArticle 33 Supervisory and enforcement measures in relation to important entitiesArticle 34 General conditions for imposing administrative fines on essential and important entitiesArticle 35 Infringements entailing a personal data breachArticle 36 PenaltiesArticle 37 Mutual assistanceChapter VIII Delegated and Implementing Acts (arts. 38-39)Article 38 Exercise of the delegationArticle 39 Committee procedureChapter IX Final Provisions (arts. 40-46)Article 40 ReviewArticle 41 TranspositionArticle 42 Amendment of Regulation (EU) No 910/2014Article 43 Amendment of Directive (EU) 2018/1972Article 44 RepealArticle 45 Entry into forceArticle 46 AddresseesAnnex I Sectors of high criticalityAnnex II Other Critical SectorsAnnex III Correlation TableDone at
Related
Document Overview
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Coming soon: Any documents - Any document vs Another document at any date
Print / Export options
Whole document
Selected pages
Consolidated PDF of the entire document as of 26th December 2024
Original PDF
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This document
Manage bookmarks
Search within this document
View previous searches
Share
Original source link (1)
Original source link (2)
Get page link
Share via email application
Next
Version status: Entered into force | Document consolidation status: Updated to reflect all known changes
Published date: 27 December 2022

Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (Text with EEA relevance)

Recitals
Chapter I General Provisions (arts. 1-6)
Article 1 Subject matter
Article 2 Scope
Article 3 Essential and important entities
Article 4 Sector-specific Union legal acts
Article 5 Minimum harmonisation
Article 6 Definitions
Chapter II Coordinated Cybersecurity Frameworks (arts. 7-13)
Article 7 National cybersecurity strategy
Article 8 Competent authorities and single points of contact
Article 9 National cyber crisis management frameworks
Article 10 Computer security incident response teams (CSIRTs)
Article 11 Requirements, technical capabilities and tasks of CSIRTs
Article 12 Coordinated vulnerability disclosure and a European vulnerability database
Article 13 Cooperation at national level
Chapter III Cooperation at Union and International Level (arts. 14-19)
Article 14 Cooperation Group
Article 15 CSIRTs network
Article 16 European cyber crisis liaison organisation network (EU-CyCLONe)
Article 17 International cooperation
Article 18 Report on the state of cybersecurity in the Union
Article 19 Peer reviews
Chapter IV Cybersecurity Risk-Management Measures and Reporting Obligations (arts. 20-25)
Article 20 Governance
Article 21 Cybersecurity risk-management measures
Article 22 Union level coordinated security risk assessments of critical supply chains
Article 23 Reporting obligations
Article 24 Use of European cybersecurity certification schemes
Article 25 Standardisation
Chapter V Jurisdiction and Registration (arts. 26-28)
Article 26 Jurisdiction and territoriality
Article 27 Registry of entities
Article 28 Database of domain name registration data
Chapter VI Information Sharing (arts. 29-30)
Article 29 Cybersecurity information-sharing arrangements
Article 30 Voluntary notification of relevant information
Chapter VII Supervision and Enforcement (arts. 31-37)
Article 31 General aspects concerning supervision and enforcement
Article 32 Supervisory and enforcement measures in relation to essential entities
Article 33 Supervisory and enforcement measures in relation to important entities
Article 34 General conditions for imposing administrative fines on essential and important entities
Article 35 Infringements entailing a personal data breach
Article 36 Penalties
Article 37 Mutual assistance
Chapter VIII Delegated and Implementing Acts (arts. 38-39)
Article 38 Exercise of the delegation
Article 39 Committee procedure
Chapter IX Final Provisions (arts. 40-46)
Article 40 Review
Article 41 Transposition
Article 42 Amendment of Regulation (EU) No 910/2014
Article 43 Amendment of Directive (EU) 2018/1972
Article 44 Repeal
Article 45 Entry into force
Article 46 Addressees
Annex I Sectors of high criticality
Annex II Other Critical Sectors
Annex III Correlation Table
Done at
Next