Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
Directive on Measures for a High Common Level of Cybersecurity Across the Union
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 6
CHAPTER II
COORDINATED CYBERSECURITY FRAMEWORKSArticles 7 — 13
CHAPTER III
COOPERATION AT UNION AND INTERNATIONAL LEVELArticles 14 — 19
CHAPTER IV
CYBERSECURITY RISK-MANAGEMENT MEASURES AND REPORTING OBLIGATIONSArticles 20 — 25
CHAPTER V
JURISDICTION AND REGISTRATIONArticles 26 — 28
CHAPTER VI
INFORMATION SHARINGArticles 29 — 30
CHAPTER VII
SUPERVISION AND ENFORCEMENTArticles 31 — 37
CHAPTER VIII
DELEGATED AND IMPLEMENTING ACTSArticles 38 — 39
CHAPTER IX
FINAL PROVISIONSArticles 40 — 46
ANNEXES
NIS2 Article 37. Mutual assistance
- 1.Where an entity provides services in more than one Member State, or provides services in one or more Member States and its network and information systems are located in one or more other Member States, the competent authorities of the Member States concerned shall cooperate with and assist each other as necessary. That cooperation shall entail, at least, that:
- (a)the competent authorities applying supervisory or enforcement measures in a Member State shall, via the single point of contact, inform and consult the competent authorities in the other Member States concerned on the supervisory and enforcement measures taken;
- (b)a competent authority may request another competent authority to take supervisory or enforcement measures;
- (c)a competent authority shall, upon receipt of a substantiated request from another competent authority, provide the other competent authority with mutual assistance proportionate to its own resources so that the supervisory or enforcement measures can be implemented in an effective, efficient and consistent manner.
The mutual assistance referred to in the first subparagraph, point (c), may cover information requests and supervisory measures, including requests to carry out on-site inspections or off-site supervision or targeted security audits. A competent authority to which a request for assistance is addressed shall not refuse that request unless it is established that it does not have the competence to provide the requested assistance, the requested assistance is not proportionate to the supervisory tasks of the competent authority, or the request concerns information or entails activities which, if disclosed or carried out, would be contrary to the essential interests of the Member State’s national security, public security or defence. Before refusing such a request, the competent authority shall consult the other competent authorities concerned as well as, upon the request of one of the Member States concerned, the Commission and ENISA.
- 2.Where appropriate and with common agreement, the competent authorities of various Member States may carry out joint supervisory actions.
Relevant Recitals for this Article
For the purpose of ensuring entities’ compliance with their obligations laid down in this Directive, Member States should cooperate with and assist each other with regard to supervisory and enforcement measures, in particular where an entity provides services in more than one Member State or where its network and information systems are located in a Member State other than that where it provides services. When providing assistance, the requested competent authority should take supervisory or enforcement measures in accordance with national law. In order to ensure the smooth functioning of mutual assistance under this Directive, the competent authorities should use the Cooperation Group as a forum to discuss cases and particular requests for assistance.
In order to ensure effective supervision and enforcement, in particular in a situation with a cross-border dimension, a Member State that has received a request for mutual assistance should, within the limits of that request, take appropriate supervisory and enforcement measures in relation to the entity that is the subject of that request, and that provides services or has a network and information system on the territory of that Member State.