Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
Directive on Measures for a High Common Level of Cybersecurity Across the Union
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 6
CHAPTER II
COORDINATED CYBERSECURITY FRAMEWORKSArticles 7 — 13
CHAPTER III
COOPERATION AT UNION AND INTERNATIONAL LEVELArticles 14 — 19
CHAPTER IV
CYBERSECURITY RISK-MANAGEMENT MEASURES AND REPORTING OBLIGATIONSArticles 20 — 25
CHAPTER V
JURISDICTION AND REGISTRATIONArticles 26 — 28
CHAPTER VI
INFORMATION SHARINGArticles 29 — 30
CHAPTER VII
SUPERVISION AND ENFORCEMENTArticles 31 — 37
CHAPTER VIII
DELEGATED AND IMPLEMENTING ACTSArticles 38 — 39
CHAPTER IX
FINAL PROVISIONSArticles 40 — 46
ANNEXES
NIS2 Article 8. Competent authorities and single points of contact
- 1.Each Member State shall designate or establish one or more competent authorities responsible for cybersecurity and for the supervisory tasks referred to in Chapter VII (competent authorities).
- 2.The competent authorities referred to in paragraph 1 shall monitor the implementation of this Directive at national level.
- 3.Each Member State shall designate or establish a single point of contact. Where a Member State designates or establishes only one competent authority pursuant to paragraph 1, that competent authority shall also be the single point of contact for that Member State.
- 4.Each single point of contact shall exercise a liaison function to ensure cross-border cooperation of its Member State’s authorities with the relevant authorities of other Member States, and, where appropriate, with the Commission and ENISA, as well as to ensure cross-sectoral cooperation with other competent authorities within its Member State.
- 5.Member States shall ensure that their competent authorities and single points of contact have adequate resources to carry out, in an effective and efficient manner, the tasks assigned to them and thereby to fulfil the objectives of this Directive.
- 6.Each Member State shall notify the Commission without undue delay of the identity of the competent authority referred to in paragraph 1 and of the single point of contact referred to in paragraph 3, of the tasks of those authorities, and of any subsequent changes thereto. Each Member State shall make public the identity of its competent authority. The Commission shall make a list of the single points of contact publicly available.
Relevant Recitals for this Article
In view of the differences in national governance structures and in order to safeguard already existing sectoral arrangements or Union supervisory and regulatory bodies, Member States should be able to designate or establish one or more competent authorities responsible for cybersecurity and for the supervisory tasks under this Directive.
In order to facilitate cross-border cooperation and communication among authorities and to enable this Directive to be implemented effectively, it is necessary for each Member State to designate a single point of contact responsible for coordinating issues related to the security of network and information systems and cross-border cooperation at Union level.
The single points of contact should ensure effective cross-border cooperation with relevant authorities of other Member States and, where appropriate, with the Commission and ENISA. The single points of contact should therefore be tasked with forwarding notifications of significant incidents with cross-border impact to the single points of contact of other affected Member States upon the request of the CSIRT or the competent authority. At national level, the single points of contact should enable smooth cross-sectoral cooperation with other competent authorities. The single points of contact could also be the addressees of relevant information about incidents concerning financial entities from the competent authorities under Regulation (EU) 2022/2554 which they should be able to forward, as appropriate, to the CSIRTs or the competent authorities under this Directive.