Laws › NIS 2
UE 2022/2555

Directive on the security of network and information systems

The broadened cyber framework: essential and important entities across Europe.

Official source : EUR-Lex CELEX:32022L2555 ↗

46articles
1with Luxgap guidance
24havg response time

CHAPTER I — GENERAL PROVISIONS

Art. 1 Advice
Subject matter
Art. 2
Scope
Art. 3
Essential and important entities
Art. 4
Sector-specific Union legal acts
Art. 5
Minimum harmonisation
Art. 6
Definitions

CHAPTER II — COORDINATED CYBERSECURITY FRAMEWORKS

Art. 7
National cybersecurity strategy
Art. 8
Competent authorities and single points of contact
Art. 9
National cyber crisis management frameworks
Art. 10
Computer security incident response teams (CSIRTs)
Art. 11
Requirements, technical capabilities and tasks of CSIRTs
Art. 12
Coordinated vulnerability disclosure and a European vulnerability database
Art. 13
Cooperation at national level

CHAPTER III — COOPERATION AT UNION AND INTERNATIONAL LEVEL

Art. 14
Cooperation Group
Art. 15
CSIRTs network
Art. 16
European cyber crisis liaison organisation network (EU-CyCLONe)
Art. 17
International cooperation
Art. 18
Report on the state of cybersecurity in the Union
Art. 19
Peer reviews

CHAPTER IV — CYBERSECURITY RISK-MANAGEMENT MEASURES AND REPORTING OBLIGATIONS

Art. 20
Governance
Art. 21
Cybersecurity risk-management measures
Art. 22
Union level coordinated security risk assessments of critical supply chains
Art. 23
Reporting obligations
Art. 24
Use of European cybersecurity certification schemes
Art. 25
Standardisation

CHAPTER V — JURISDICTION AND REGISTRATION

Art. 26
Jurisdiction and territoriality
Art. 27
Registry of entities
Art. 28
Database of domain name registration data

CHAPTER VI — INFORMATION SHARING

Art. 29
Cybersecurity information-sharing arrangements
Art. 30
Voluntary notification of relevant information

CHAPTER VII — SUPERVISION AND ENFORCEMENT

Art. 31
General aspects concerning supervision and enforcement
Art. 32
Supervisory and enforcement measures in relation to essential entities
Art. 33
Supervisory and enforcement measures in relation to important entities
Art. 34
General conditions for imposing administrative fines on essential and important entities
Art. 35
Infringements entailing a personal data breach
Art. 36
Penalties
Art. 37
Mutual assistance

CHAPTER VIII — DELEGATED AND IMPLEMENTING ACTS

Art. 38
Exercise of the delegation
Art. 39
Committee procedure

CHAPTER IX — FINAL PROVISIONS

Art. 40
Review
Art. 41
Transposition
Art. 42
Amendment of Regulation (EU) No 910/2014
Art. 43
Amendment of Directive (EU) 2018/1972
Art. 44
Repeal
Art. 45
Entry into force
Art. 46
Addressees

Need to comply with NIS 2?

Our DPO and CISO team supports over 80 Luxembourg organisations. Free diagnosis, quote within 48h.

Request a diagnosis →