Cybersecurity Act
Table of Contents
Chapter I – GENERAL PROVISIONS
Chapter II – ENISA (THE EUROPEAN UNION AGENCY FOR CYBERSECURITY)
Chapter III – CYBERSECURITY CERTIFICATION FRAMEWORK
Chapter IV – FINAL PROVISIONS
Recitals (110)
Annexes
Chapter II – ENISA (THE EUROPEAN UNION AGENCY FOR CYBERSECURITY)
Article 27
Confidentiality
1. Without prejudice to Article 28, ENISA shall not divulge to third parties information that it processes or receives in relation to which a reasoned request for confidential treatment has been made.
2. Members of the Management Board, the Executive Director, the members of the ENISA Advisory Group, external experts participating in ad hoc working groups, and members of the staff of ENISA, including officials seconded by Member States on a temporary basis, shall comply with the confidentiality requirements of Article 339 TFEU, even after their duties have ceased.
3. ENISA shall lay down, in its internal rules of operation, the practical arrangements for implementing the confidentiality rules referred to in paragraphs 1 and 2.
4. If required for the performance of ENISA’s tasks, the Management Board shall decide to allow ENISA to handle classified information. In that case ENISA, in agreement with the Commission services, shall adopt security rules applying the security principles set out in Commission Decisions (EU, Euratom) 2015/443 ( 4 ) and 2015/444 ( 5 ). Those security rules shall include provisions for the exchange, processing and storage of classified information.