NIS2 Directive
Table of Contents
Chapter I – GENERAL PROVISIONS
Chapter II – COORDINATED CYBERSECURITY FRAMEWORKS
Chapter III – COOPERATION AT UNION AND INTERNATIONAL LEVEL
Chapter IV – CYBERSECURITY RISK-MANAGEMENT MEASURES AND REPORTING OBLIGATIONS
Chapter V – JURISDICTION AND REGISTRATION
Chapter VI – INFORMATION SHARING
Chapter VII – SUPERVISION AND ENFORCEMENT
Chapter VIII – DELEGATED AND IMPLEMENTING ACTS
Chapter IX – FINAL PROVISIONS
Recitals (144)
Annexes
Chapter II – COORDINATED CYBERSECURITY FRAMEWORKS
Article 13
Cooperation at national level
1. Where they are separate, the competent authorities, the single point of contact and the CSIRTs of the same Member State shall cooperate with each other with regard to the fulfilment of the obligations laid down in this Directive.
2. Member States shall ensure that their CSIRTs or, where applicable, their competent authorities, receive notifications of significant incidents pursuant to Article 23, and incidents, cyber threats and near misses pursuant to Article 30.
3. Member States shall ensure that their CSIRTs or, where applicable, their competent authorities inform their single points of contact of notifications of incidents, cyber threats and near misses submitted pursuant to this Directive.
4. In order to ensure that the tasks and obligations of the competent authorities, the single points of contact and the CSIRTs are carried out effectively, Member States shall, to the extent possible, ensure appropriate cooperation between those bodies and law enforcement authorities, data protection authorities, the national authorities under Civil Aviation Security Regulation and (EU) 2018/1139, the supervisory bodies under eIDAS Regulation (Electronic Identification), the competent authorities under Digital Operational Resilience Act (DORA), the national regulatory authorities under European Electronic Communications Code (EECC), the competent authorities under Critical Entities Resilience Directive (CER), as well as the competent authorities under other sector-specific Union legal acts, within that Member State.
5. Member States shall ensure that their competent authorities under this Directive and their competent authorities under Critical Entities Resilience Directive (CER) cooperate and exchange information on a regular basis with regard to the identification of critical entities, on risks, cyber threats, and incidents as well as on non-cyber risks, threats and incidents affecting entities identified as critical entities under Critical Entities Resilience Directive (CER), and the measures taken in response to such risks, threats and incidents. Member States shall also ensure that their competent authorities under this Directive and their competent authorities under eIDAS Regulation (Electronic Identification), Digital Operational Resilience Act (DORA) and European Electronic Communications Code (EECC) exchange relevant information on a regular basis, including with regard to relevant incidents and cyber threats.
6. Member States shall simplify the reporting through technical means for notifications referred to in Articles 23 and 30.