NIS2 Directive
Table of Contents
Chapter I – GENERAL PROVISIONS
Chapter II – COORDINATED CYBERSECURITY FRAMEWORKS
Chapter III – COOPERATION AT UNION AND INTERNATIONAL LEVEL
Chapter IV – CYBERSECURITY RISK-MANAGEMENT MEASURES AND REPORTING OBLIGATIONS
Chapter V – JURISDICTION AND REGISTRATION
Chapter VI – INFORMATION SHARING
Chapter VII – SUPERVISION AND ENFORCEMENT
Chapter VIII – DELEGATED AND IMPLEMENTING ACTS
Chapter IX – FINAL PROVISIONS
Recitals (144)
Annexes
Recital 90
(90) To further address key supply chain risks and assist essential and important entities operating in sectors covered by this Directive to appropriately manage supply chain and supplier related risks, the Cooperation Group, in cooperation with the Commission and ENISA, and where appropriate after consulting relevant stakeholders including from the industry, should carry out coordinated security risk assessments of critical supply chains, as carried out for 5G networks following Commission Recommendation (EU) 2019/534 , with the aim of identifying, per sector, the critical ICT services, ICT systems or ICT products, relevant threats and vulnerabilities. Such coordinated security risk assessments should identify measures, mitigation plans and best practices to counter critical dependencies, potential single points of failure, threats, vulnerabilities and other risks associated with the supply chain and should explore ways to further encourage their wider adoption by essential and important entities. Potential non-technical risk factors, such as undue influence by a third country on suppliers and service providers, in particular in the case of alternative models of governance, include concealed vulnerabilities or backdoors and potential systemic supply disruptions, in particular in the case of technological lock-in or provider dependency.