Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
Directive on Measures for a High Common Level of Cybersecurity Across the Union
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 6
CHAPTER II
COORDINATED CYBERSECURITY FRAMEWORKSArticles 7 — 13
CHAPTER III
COOPERATION AT UNION AND INTERNATIONAL LEVELArticles 14 — 19
CHAPTER IV
CYBERSECURITY RISK-MANAGEMENT MEASURES AND REPORTING OBLIGATIONSArticles 20 — 25
CHAPTER V
JURISDICTION AND REGISTRATIONArticles 26 — 28
CHAPTER VI
INFORMATION SHARINGArticles 29 — 30
CHAPTER VII
SUPERVISION AND ENFORCEMENTArticles 31 — 37
CHAPTER VIII
DELEGATED AND IMPLEMENTING ACTSArticles 38 — 39
CHAPTER IX
FINAL PROVISIONSArticles 40 — 46
ANNEXES
NIS2 Article 40. Review
- By 17 October 2027 and every 36 months thereafter, the Commission shall review the functioning of this Directive, and report to the European Parliament and to the Council. The report shall in particular assess the relevance of the size of the entities concerned, and the sectors, subsectors and types of entity referred to in Annexes I and II for the functioning of the economy and society in relation to cybersecurity. To that end and with a view to further advancing the strategic and operational cooperation, the Commission shall take into account the reports of the Cooperation Group and the CSIRTs network on the experience gained at a strategic and operational level. The report shall be accompanied, where necessary, by a legislative proposal.
Relevant Recitals for this Article
The Commission should periodically review this Directive, after consulting stakeholders, in particular with a view to determining whether it is appropriate to propose amendments in light of changes to societal, political, technological or market conditions. As part of those reviews, the Commission should assess the relevance of the size of the entities concerned, and the sectors, subsectors and types of entity referred to in the annexes to this Directive for the functioning of the economy and society in relation to cybersecurity. The Commission should assess, inter alia, whether providers, falling within the scope of this Directive, that are designated as very large online platforms within the meaning of Article 33 of Regulation (EU) 2022/2065 of the European Parliament and of the Council could be identified as essential entities under this Directive.