Logo
StreamLex Home
Logo
StreamLex Home
Laws
Laws
Recitals
Recitals
Your feedback
About UsNewsletterTerms of UsePrivacy NoticeLinkedIn
Cybersecurity Act

  • Data & Privacy

    • Data Act
    • Data Governance Act
    • ePrivacy Directive
    • GDPR

  • AI & Trust

    • Artificial Intelligence Act

  • Cybersecurity

    • Cybersecurity Act
    • DORA
    • NIS2

  • Digital Services & Media

    • Digital Markets Act
    • Digital Services Act
    • European Media Freedom Act
CSA

CSA Article 59. Peer review

  • 1.
    With a view to achieving equivalent standards throughout the Union in respect of European cybersecurity certificates and EU statements of conformity, national cybersecurity certification authorities shall be subject to peer review.
  • 2.
    Peer review shall be carried out on the basis of sound and transparent evaluation criteria and procedures, in particular concerning structural, human resource and process requirements, confidentiality and complaints.
  • 3.
    Peer review shall assess:
    • (a)
      where applicable, whether the activities of the national cybersecurity certification authorities that relate to the issuance of European cybersecurity certificates referred to in point (a) of Article 56(5) and in Article 56(6) are strictly separated from their supervisory activities set out in Article 58 and whether those activities are carried out independently from each other;
    • (b)
      the procedures for supervising and enforcing the rules for monitoring the compliance of ICT products, ICT services and ICT processes with European cybersecurity certificates pursuant to point (a) of Article 58(7);
    • (c)
      the procedures for monitoring and enforcing the obligations of manufacturers or providers of ICT products, ICT services or ICT processes pursuant to point (b) of Article 58(7);
    • (d)
      the procedures for monitoring, authorising and supervising the activities of the conformity assessment bodies;
    • (e)
      where applicable, whether the staff of authorities or bodies that issue certificates for assurance level ‘high’ pursuant to Article 56(6) have the appropriate expertise.
  • 4.
    Peer review shall be carried out by at least two national cybersecurity certification authorities of other Member States and the Commission and shall be carried out at least once every five years. ENISA may participate in the peer review.
  • 5.
    The Commission may adopt implementing acts establishing a plan for peer review which covers a period of at least five years, laying down the criteria concerning the composition of the peer review team, the methodology to be used in peer review, and the schedule, the frequency and other tasks related to it. In adopting those implementing acts, the Commission shall take due account of the views of the ECCG. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 66(2).
  • 6.
    The outcomes of peer reviews shall be examined by the ECCG, which shall draw up summaries that may be made publicly available and which shall, where necessary, issue guidelines or recommendations on actions or measures to be taken by the entities concerned.

Relevant Recitals for this Article

© 2024 StreamLex

NewsletterAbout UsTerms of UsePrivacy NoticeManage cookies

© 2024 StreamLex