<!DOCTYPE html> <html lang="en" class="no-js" xml:lang="en" prefix="eli: http://data.europa.eu/eli/ontology#" > <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta name="viewport" content="width=device-width, initial-scale=1"> <script type="text/javascript" src="/eurlex-frontoffice/ruxitagentjs_ICANVfgqrux_10299241001084140.js" data-dtconfig="app=47d4c64c3b67ec69|cuc=m097nmfl|agentId=bd6a61be964c38eb|mel=100000|mb=null|featureHash=ICANVfgqrux|dpvc=1|iub=null|lastModification=1739626928717|tp=500,50,0|rdnt=1|uxrgce=1|agentUri=/eurlex-frontoffice/ruxitagentjs_ICANVfgqrux_10299241001084140.js|reportUrl=/eurlex-frontoffice/rb_39a3e95b-5423-482c-879b-99ef235dffeb|rid=RID_1976103605|rpid=2039880806|domain=europa.eu"></script><script type="text/javascript" src="./../../../../revamp/components/vendor/modernizr/modernizr.js?v=2.17.0"></script> <title>Implementing regulation - EU - 2024/2690 - EN - EUR-Lex</title> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" typeof="eli:LegalResource"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:uri_schema" resource="http://data.europa.eu/eli/%7Btypedoc%7D/%7Byear%7D/%7Bnatural_number%7D/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:id_local" content="32024R2690" lang=""/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:type_document" resource="http://publications.europa.eu/resource/authority/resource-type/REG_IMPL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:passed_by" resource="http://publications.europa.eu/resource/authority/corporate-body/CNECT"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:passed_by" resource="http://publications.europa.eu/resource/authority/corporate-body/COM"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:responsibility_of" content="CNECT"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_about" resource="http://eurovoc.europa.eu/3027"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_about" resource="http://eurovoc.europa.eu/c_406ad4cc"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_about" resource="http://eurovoc.europa.eu/c_57f3c49f"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_about" resource="http://eurovoc.europa.eu/2602"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_about" resource="http://eurovoc.europa.eu/3453"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_about" resource="http://eurovoc.europa.eu/5888"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_about" resource="http://eurovoc.europa.eu/c_04ae3ba8"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_about" resource="http://eurovoc.europa.eu/5181"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_about" resource="http://eurovoc.europa.eu/c_433922a6"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:date_document" content="2024-10-17" datatype="xsd:date"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:in_force" resource="http://data.europa.eu/eli/ontology#InForce-inForce"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:first_date_entry_in_force" content="2024-11-07" datatype="xsd:date"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:changes" resource="http://data.europa.eu/eli/reg_impl/2018/151/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:based_on" resource="http://publications.europa.eu/resource/authority/treaty/TFEU_2016"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:cites" resource="http://data.europa.eu/eli/reg/2018/1725/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:cites" resource="http://data.europa.eu/eli/reg/2019/881/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/CES"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces" property="eli:title" content="Prováděcí nařízení Komise (EU) 2024/2690 ze dne 17. října 2024, kterým se stanoví pravidla pro uplatňování směrnice (EU) 2022/2555, pokud jde o technické a metodické požadavky na opatření k řízení kybernetických bezpečnostních rizik a bližší upřesnění případů, v nichž se incident považuje za významný, pokud jde o provozovatele DNS, registry domén nejvyšší úrovně, poskytovatele služeb cloud computingu, poskytovatele služeb datových center, poskytovatele sítí pro doručování obsahu, poskytovatele řízených služeb, poskytovatele řízených bezpečnostních služeb, poskytovatele on-line tržišť, internetových vyhledávačů a služeb platforem sociálních sítí a poskytovatele služeb vytvářejících důvěru" lang="cs"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ces/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/LIT"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit" property="eli:title" content="2024 m. spalio 17 d. Komisijos įgyvendinimo reglamentas (ES) 2024/2690, kuriuo nustatomos Direktyvos (ES) 2022/2555 taikymo taisyklės, susijusios su kibernetinio saugumo rizikos valdymo priemonių techniniais ir metodiniais reikalavimais ir išsamesniu atvejų, kuriais incidentas laikomas dideliu, apibūdinimu, skirtais DNS paslaugų teikėjams, aukščiausio lygio domenų vardų registrams, debesijos kompiuterijos paslaugų teikėjams, duomenų centrų paslaugų teikėjams, turinio teikimo tinklų teikėjams, valdomų paslaugų teikėjams, valdomų saugumo paslaugų teikėjams, elektroninių prekyviečių, interneto paieškos sistemų ir socialinių tinklų paslaugų platformų teikėjams ir patikimumo užtikrinimo paslaugų teikėjams" lang="lt"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lit/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/RON"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron" property="eli:title" content="Regulamentul de punere în aplicare (UE) 2024/2690 al Comisiei din 17 octombrie 2024 de stabilire a normelor de aplicare a Directivei (UE) 2022/2555 în ceea ce privește cerințele tehnice și metodologice ale măsurilor de gestionare a riscurilor în materie de securitate cibernetică și specificarea suplimentară a cazurilor în care un incident este considerat semnificativ referitor la furnizorii de servicii DNS, registrele de nume TLD, furnizorii de servicii de cloud computing, furnizorii de servicii de centre de date, furnizorii de rețele de furnizare de conținut, furnizorii de servicii gestionate, furnizorii de servicii de securitate gestionate, furnizorii de piețe online, de motoare de căutare online și de platforme de servicii de socializare în rețea, precum și prestatorii de servicii de încredere" lang="ro"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ron/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/EST"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est" property="eli:title" content="Komisjoni rakendusmäärus (EL) 2024/2690, 17. oktoober 2024, millega kehtestatakse seoses domeeninimede süsteemi teenuse osutajate, tippdomeeninimede registrite, pilvandmetöötlusteenuse osutajate, andmekeskusteenuse osutajate, sisulevivõrgu pakkujate, hallatud teenuse osutajate, turbetarnijate ning internetipõhiste kauplemiskohtade, internetipõhiste otsingumootorite, sotsiaalvõrguteenuse platvormide ja usaldusteenuse pakkujatega direktiivi (EL) 2022/2555 kohaldamise eeskirjad, mis puudutavad küberturvalisuse riskijuhtimismeetmete tehnilisi ja metoodilisi nõudeid ja selliste juhtude täpsemat kindlaksmääramist, mille korral peetakse intsidenti oluliseks" lang="et"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/est/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/DEU"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu" property="eli:title" content="Durchführungsverordnung (EU) 2024/2690 der Kommission vom 17. Oktober 2024 mit Durchführungsbestimmungen zur Richtlinie (EU) 2022/2555 im Hinblick auf die technischen und methodischen Anforderungen der Risikomanagementmaßnahmen im Bereich der Cybersicherheit und die Präzisierung der Fälle, in denen ein Sicherheitsvorfall in Bezug auf DNS-Diensteanbieter, TLD-Namenregister, Anbieter von Cloud-Computing-Diensten, Anbieter von Rechenzentrumsdiensten, Betreiber von Inhaltszustellnetzen, Anbieter verwalteter Dienste, Anbieter verwalteter Sicherheitsdienste, Anbieter von Online-Marktplätzen, Online-Suchmaschinen und Plattformen für Dienste sozialer Netzwerke und Vertrauensdiensteanbieter als erheblich gilt" lang="de"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/deu/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/SLV"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv" property="eli:title" content="Izvedbena uredba Komisije (EU) 2024/2690 z dne 17. oktobra 2024 o določitvi pravil za uporabo Direktive (EU) 2022/2555 v zvezi s tehničnimi in metodološkimi zahtevami ukrepov za obvladovanje tveganj za kibernetsko varnost ter podrobnejšo opredelitvijo primerov, v katerih se incident šteje za pomembnega, kar zadeva ponudnike storitev DNS, registre TLD imen, ponudnike storitev računalništva v oblaku, ponudnike storitev podatkovnega centra, ponudnike omrežij za dostavo vsebin, ponudnike upravljanih storitev, ponudnike upravljanih varnostnih storitev, ponudnike spletnih tržnic, spletnih iskalnikov in platform za storitve družbenega mreženja ter ponudnike storitev zaupanja" lang="sl"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slv/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/MLT"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt" property="eli:title" content="Regolament ta’ Implimentazzjoni tal-Kummissjoni (UE) 2024/2690 tas-17 ta’ Ottubru 2024 li jistabbilixxi regoli għall-applikazzjoni tad-Direttiva (UE) 2022/2555 fir-rigward tar-rekwiżiti tekniċi u metodoloġiċi tal-miżuri tal-ġestjoni tar-riskji taċ-ċibersigurtà u speċifikazzjoni ulterjuri tal-każijiet meta inċident jitqies sinifikanti fir-rigward tal-fornituri tas-servizzi DNS, ir-reġistri tal-ismijiet tad-dominji tal-ogħla livell, il-fornituri tas-servizzi tal-cloud computing, il-fornituri tas-servizzi taċ-ċentri tad-data, il-fornituri tan-networks tat-twassil tal-kontenut, il-fornituri tas-servizzi ġestiti, il-fornituri tas-servizzi tas-sigurtà ġestiti, il-fornituri tas-swieq online, tal-magni tat-tiftix online u tal-pjattaformi tas-servizzi tan-networking soċjali, u l-fornituri tas-servizzi fiduċjarji" lang="mt"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/mlt/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/FIN"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin" property="eli:title" content="Komission täytäntöönpanoasetus (EU) 2024/2690, annettu 17 päivänä lokakuuta 2024, direktiivin (EU) 2022/2555 soveltamista koskevista säännöistä DNS-palveluntarjoajia, aluetunnusrekistereitä, pilvipalvelujen tarjoajia, datakeskuspalvelujen tarjoajia, sisällönjakeluverkkojen tarjoajia, hallintapalvelun tarjoajia, tietoturvapalveluntarjoajia, verkossa toimivien markkinapaikkojen tarjoajia, verkossa toimivien hakukoneiden tarjoajia, verkkoyhteisöalustojen tarjoajia ja luottamuspalvelun tarjoajia varten siltä osin kuin on kyse kyberturvallisuusriskien hallintatoimenpiteiden teknisistä ja menetelmiin liittyvistä vaatimuksista ja sellaisten tapausten täsmentämisestä, joissa poikkeama katsotaan merkittäväksi" lang="fi"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fin/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/NLD"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld" property="eli:title" content="Uitvoeringsverordening (EU) 2024/2690 van de Commissie van 17 oktober 2024 tot vaststelling van regels voor de toepassing van Richtlijn (EU) 2022/2555 wat betreft de technische en methodologische vereisten van de maatregelen voor het beheer van cyberbeveiligingsrisico’s en nadere specificatie van de gevallen waarin een incident als significant wordt beschouwd met betrekking tot DNS-dienstverleners, registers voor topleveldomeinnamen, aanbieders van cloudcomputingdiensten, aanbieders van datacentrumdiensten, aanbieders van netwerken voor de levering van inhoud, aanbieders van beheerde diensten, aanbieders van beheerde beveiligingsdiensten, aanbieders van onlinemarktplaatsen, van onlinezoekmachines en van platforms voor socialenetwerkdiensten, en verleners van vertrouwensdiensten" lang="nl"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/nld/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/ENG"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng" property="eli:title" content="Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024 laying down rules for the application of Directive (EU) 2022/2555 as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers" lang="en"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/eng/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/HRV"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv" property="eli:title" content="Provedbena uredba Komisije (EU) 2024/2690 оd 17. listopada 2024. o utvrđivanju pravila za primjenu Direktive (EU) 2022/2555 u pogledu tehničkih i metodoloških zahtjeva za mjere upravljanja kibernetičkosigurnosnim rizicima te dodatnih specifikacija slučajeva u kojima se incident smatra značajnim za pružatelje usluga DNS-a, registre naziva vršnih domena, pružatelje usluga računalstva u oblaku, pružatelje usluga podatkovnog centra, pružatelje mreža za isporuku sadržaja, pružatelje upravljanih usluga, pružatelje upravljanih sigurnosnih usluga, pružatelje internetskih tržišta, internetskih tražilica i platformi za usluge društvenih mreža te pružatelje usluga povjerenja" lang="hr"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hrv/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/POL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol" property="eli:title" content="Rozporządzenie wykonawcze Komisji (UE) 2024/2690 z dnia 17 października 2024 r. ustanawiające zasady stosowania dyrektywy (UE) 2022/2555 w odniesieniu do wymogów technicznych i metodycznych dotyczących środków zarządzania ryzykiem w cyberbezpieczeństwie oraz doprecyzowujące przypadki, w których incydent uznaje się za poważny w odniesieniu do dostawców usług DNS, rejestrów nazw TLD, dostawców usług chmurowych, dostawców usług ośrodka przetwarzania danych, dostawców sieci dostarczania treści, dostawców usług zarządzanych, dostawców usług zarządzanych w zakresie bezpieczeństwa, dostawców internetowych platform handlowych, wyszukiwarek internetowych i platform usług sieci społecznościowych oraz dostawców usług zaufania" lang="pl"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/pol/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/SPA"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa" property="eli:title" content="Reglamento de Ejecución (UE) 2024/2690 de la Comisión, de 17 de octubre de 2024, por el que se establecen las disposiciones de aplicación de la Directiva (UE) 2022/2555 en lo que respecta a los requisitos técnicos y metodológicos de las medidas para la gestión de riesgos de ciberseguridad y en el que se detallan los casos en que un incidente se considera significativo con respecto a los proveedores de servicios de DNS, los registros de nombres de dominio de primer nivel, los proveedores de servicios de computación en nube, los proveedores de servicios de centro de datos, los proveedores de redes de distribución de contenidos, los proveedores de servicios gestionados, los proveedores de servicios de seguridad gestionados, los proveedores de mercados en línea, motores de búsqueda en línea y plataformas de servicios de redes sociales, y los proveedores de servicios de confianza" lang="es"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/spa/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/GLE"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle" property="eli:title" content="Rialachán Cur Chun Feidhme (AE) 2024/2690 ón gCoimisiún an 17 Deireadh Fómhair 2024 lena leagtar síos na rialacha maidir le cur i bhfeidhm Threoir (AE) 2022/2555 a mhéid a bhaineann le ceanglais theicniúla agus mhodheolaíochta maidir le bearta bainistíochta riosca cibearshlándála agus sonrú breise ar na cásanna ina meastar teagmhas a bheith suntasach a mhéid a bhaineann le soláthraithe seirbhísí DNS, clárlanna ainmneacha TLD, soláthraithe seirbhísí néalríomhaireachta, soláthraithe seirbhísí lárionad sonraí, soláthraithe gréasán soláthair ábhair, soláthraithe seirbhísí bainistithe, soláthraithe seirbhísí slándála bainistithe, soláthraithe margaí ar líne, soláthraithe inneall cuardaigh ar líne agus soláthraithe ardán seirbhísí líonraithe shóisialta, agus soláthraithe seirbhísí iontaoibhe" lang="ga"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/gle/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/DAN"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan" property="eli:title" content="Kommissionens gennemførelsesforordning (EU) 2024/2690 af 17. oktober 2024 om regler for anvendelsen af direktiv (EU) 2022/2555 for så vidt angår tekniske og metodologiske krav til foranstaltninger til styring af cybersikkerhedsrisici og yderligere præcisering af de tilfælde, hvor en hændelse anses for at være væsentlig, for så vidt angår DNS-tjenesteudbydere, topdomænenavneadministratorer og udbydere af cloudcomputingtjenester, af datacentertjenester, af indholdsleveringsnetværk, af administrerede tjenester, af administrerede sikkerhedstjenester, af onlinemarkedspladser, af onlinesøgemaskiner og af platforme for sociale netværkstjenester og af tillidstjenester" lang="da"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/dan/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/FRA"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra" property="eli:title" content="Règlement d’exécution (UE) 2024/2690 de la Commission du 17 octobre 2024 établissant des règles relatives à l’application de la directive (UE) 2022/2555 pour ce qui est des exigences techniques et méthodologiques liées aux mesures de gestion des risques en matière de cybersécurité et précisant plus en détail les cas dans lesquels un incident est considéré comme important, en ce qui concerne les fournisseurs de services DNS, les registres des noms de domaine de premier niveau, les fournisseurs de services d’informatique en nuage, les fournisseurs de services de centres de données, les fournisseurs de réseaux de diffusion de contenu, les fournisseurs de services gérés, les fournisseurs de services de sécurité gérés, ainsi que les fournisseurs de places de marché en ligne, de moteurs de recherche en ligne et de plateformes de services de réseaux sociaux, et les prestataires de services de confiance" lang="fr"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/fra/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/POR"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por" property="eli:title" content="Regulamento de Execução (UE) 2024/2690 da Comissão, de 17 de outubro de 2024, que estabelece regras de execução da Diretiva (UE) 2022/2555 relativamente aos requisitos técnicos e metodológicos das medidas de gestão dos riscos de cibersegurança e especifica mais pormenorizadamente os casos em que se considera que um incidente é significativo no que respeita aos prestadores de serviços de DNS, aos registos de nomes de TLD, aos prestadores de serviços de computação em nuvem, aos prestadores de serviços de centro de dados, aos fornecedores de redes de distribuição de conteúdos, aos prestadores de serviços geridos, aos prestadores de serviços de segurança geridos, aos prestadores de serviços de mercados em linha, de motores de pesquisa em linha e de plataformas de serviços de redes sociais e aos prestadores de serviços de confiança" lang="pt"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/por/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/SLK"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk" property="eli:title" content="Vykonávacie nariadenie Komisie (EÚ) 2024/2690 zo 17. októbra 2024, ktorým sa stanovujú pravidlá uplatňovania smernice (EÚ) 2022/2555, pokiaľ ide o technické a metodické požiadavky na opatrenia na riadenie kybernetických rizík a o bližšie určenie prípadov, v ktorých sa incident považuje za významný, vo vzťahu k poskytovateľom služieb DNS, správcom názvov TLD, poskytovateľom služieb cloud computingu, poskytovateľom služieb dátového centra, poskytovateľom sietí na sprístupňovanie obsahu, poskytovateľom riadených služieb, poskytovateľom riadených bezpečnostných služieb, poskytovateľom online trhov, internetových vyhľadávačov a platforiem služieb sociálnej siete a poskytovateľom dôveryhodných služieb" lang="sk"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/slk/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/ELL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell" property="eli:title" content="Εκτελεστικός κανονισμός (ΕΕ) 2024/2690 της Επιτροπής, της 17ης Οκτωβρίου 2024, για τη θέσπιση κανόνων εφαρμογής της οδηγίας (ΕΕ) 2022/2555 όσον αφορά τις τεχνικές και μεθοδολογικές απαιτήσεις των μέτρων διαχείρισης κινδύνων στον τομέα της κυβερνοασφάλειας και τον περαιτέρω προσδιορισμό των περιπτώσεων στις οποίες ένα περιστατικό θεωρείται σημαντικό όσον αφορά τους παρόχους υπηρεσιών DNS, τα μητρώα ονομάτων TLD, τους παρόχους υπηρεσιών υπολογιστικού νέφους, τους παρόχους υπηρεσιών κέντρων δεδομένων, τους παρόχους δικτύων διανομής περιεχομένου, τους παρόχους διαχειριζόμενων υπηρεσιών, τους παρόχους διαχειριζόμενων υπηρεσιών ασφάλειας, τους παρόχους επιγραμμικών αγορών, επιγραμμικών μηχανών αναζήτησης και πλατφορμών υπηρεσιών κοινωνικής δικτύωσης και τους παρόχους υπηρεσιών εμπιστοσύνης" lang="el"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ell/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/LAV"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav" property="eli:title" content="Komisijas Īstenošanas regula (ES) 2024/2690 (2024. gada 17. oktobris), kas attiecībā uz DNS pakalpojumu sniedzējiem, TLD nosaukumu reģistriem, mākoņdatošanas pakalpojumu sniedzējiem, datu centru pakalpojumu sniedzējiem, satura piegādes tīkla nodrošinātājiem, pārvaldītu pakalpojumu sniedzējiem, pārvaldītu drošības pakalpojumu sniedzējiem, tiešsaistes tirdzniecības vietu, tiešsaistes meklētājprogrammu un sociālās tīklošanās pakalpojumu platformu nodrošinātājiem un uzticamības pakalpojumu sniedzējiem nosaka Direktīvas (ES) 2022/2555 piemērošanas noteikumus, kuri attiecas uz kiberdrošības risku pārvaldības pasākumu tehniskajām un metodiskajām prasībām un precizē, kādos gadījumos incidentu uzskata par būtisku" lang="lv"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/lav/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/ITA"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita" property="eli:title" content="Regolamento di esecuzione (UE) 2024/2690 della Commissione, del 17 ottobre 2024, recante modalità di applicazione della direttiva (UE) 2022/2555 per quanto riguarda i requisiti tecnici e metodologici delle misure di gestione dei rischi di cibersicurezza e l’ulteriore specificazione dei casi in cui un incidente è considerato significativo per quanto riguarda i fornitori di servizi DNS, i registri dei nomi di dominio di primo livello, i fornitori di servizi di cloud computing, i fornitori di servizi di data center, i fornitori di reti di distribuzione dei contenuti, i fornitori di servizi gestiti, i fornitori di servizi di sicurezza gestiti, i fornitori di mercati online, di motori di ricerca online e di piattaforme di servizi di social network e i prestatori di servizi fiduciari" lang="it"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/ita/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/BUL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul" property="eli:title" content="Регламент за изпълнение (ЕС) 2024/2690 на Комисията от 17 октомври 2024 година за определяне на правила за прилагане на Директива (ЕС) 2022/2555 по отношение на техническите и методологичните изисквания относно мерките за управление на риска в областта на киберсигурността и за доуточняване на случаите, в които даден инцидент се счита за значителен по отношение на доставчиците на DNS услуги, регистрите на имена на домейни от първо ниво, доставчиците на компютърни услуги в облак, доставчиците на услуги на центрове за данни, доставчиците на мрежи за доставяне на съдържание, доставчиците на управлявани услуги, доставчиците на управлявани услуги за сигурност, доставчиците на онлайн места за търговия, на онлайн търсачките и на платформите на услуги за социални мрежи и доставчиците на удостоверителни услуги" lang="bg"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/bul/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/SWE"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe" property="eli:title" content="Kommissionens genomförandeförordning (EU) 2024/2690 av den 17 oktober 2024 om fastställande av regler för tillämpningen av direktiv (EU) 2022/2555 vad gäller tekniska och metodologiska specifikationer för riskhanteringsåtgärder för cybersäkerhet och närmare angivelse av i vilka fall en incident ska anses vara betydande med avseende på leverantörer av DNS-tjänster, registreringsenheter för toppdomäner, leverantörer av molntjänster, leverantörer av datacentraltjänster, leverantörer av nätverk för leverans av innehåll, leverantörer av utlokaliserade driftstjänster, leverantörer av utlokaliserade säkerhetstjänster, leverantörer av marknadsplatser online, leverantörer av sökmotorer, leverantörer av plattformar för sociala nätverkstjänster och tillhandahållare av betrodda tjänster" lang="sv"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/swe/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun" typeof="eli:LegalExpression"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj" property="eli:is_realized_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun" property="eli:realizes" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun" property="eli:language" resource="http://publications.europa.eu/resource/authority/language/HUN"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun" property="eli:title" content="A Bizottság (EU) 2024/2690 végrehajtási rendelete (2024. október 17.) az (EU) 2022/2555 irányelvnek a kiberbiztonsági kockázatkezelési intézkedések technikai és módszertani követelményei, valamint a DNS-szolgáltatók, a legfelső szintű doménnév-nyilvántartók, a felhőszolgáltatók, az adatközpont-szolgáltatók, a tartalomszolgáltató hálózati szolgáltatók, az irányított szolgáltatók, az irányított biztonsági szolgáltatók, az online piacterek, online keresőprogramok vagy közösségimédia-szolgáltatási platformok szolgáltatói és a bizalmi szolgáltatók tekintetében jelentősnek minősülő biztonsági események eseteinek további pontosítása tekintetében történő alkalmazására vonatkozó szabályok megállapításáról" lang="hu"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/pdfa2a" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/pdfa2a" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/pdfa2a" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/pdf;type=pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/pdfa2a" property="eli:is_exemplified_by" resource=".pdfa2a"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/pdfa2a" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/fmx4" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/fmx4" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/fmx4" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/fmx4" property="eli:is_exemplified_by" resource=".fmx4"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/fmx4" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/xhtml" typeof="eli:Format"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun" property="eli:is_embodied_by" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/xhtml" property="eli:embodies" resource="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/xhtml" property="eli:format" resource="http://www.iana.org/assignments/media-types/application/xhtml+xml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/xhtml" property="eli:is_exemplified_by" resource=".xhtml"/> <meta about="http://data.europa.eu/eli/reg_impl/2024/2690/oj/hun/xhtml" property="eli:publisher_agent" resource="http://publications.europa.eu/resource/authority/corporate-body/PUBL"/> <meta name="WT.z_docTitle" content="Commission Implementing Regulation (EU) 2024/2690 of 17&nbsp;October 2024 laying down rules for the application of Directive (EU)&nbsp;2022/2555 as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers"/><meta name="WT.z_docID" content="32024R2690"/><meta name="WT.z_docSector" content="3"/><meta name="WT.z_docType" content="R"/><meta name="WT.cg_n" content="Legal content view"/><meta name="WT.cg_s" content="Notices"/><meta name="WT.pi" content="Legal content pages"/><meta name="WT.z_usr_lan" content="en"/><meta name="WT.seg_1" content="Unregistered"/> <meta name="google-site-verification" content="hl-zFNRVYTzOJ4xGdc2Wl9h6Ezs9rbbdMgFYLFvx6cA"/> <meta name="msvalidate.01" content="6F74BA769F6140EC354DF6BE33F86005"/> <meta name="format-detection" content="telephone=no"/> <meta name="war-version" content="2.17.0"/> <meta name="fo-db-version" content="2.17.0"/> <meta name="sl-api-version" content="3.9.2/IDOL"/> <meta name="app-relative-path" content="./../../../../"/> <link rel="stylesheet" media="all" href="./../../../../revamp/components/vendor/bootstrap/dist/css/bootstrap.css?v=2.17.0"> <link rel="stylesheet" media="all" href="./../../../../revamp/components/vendor/font-awesome/css/font-awesome.min.css?v=2.17.0"> <link rel="stylesheet" media="all" href="./../../../../revamp/components/vendor/roboto/roboto.css?v=2.17.0"> <link rel="stylesheet" media="all" href="./../../../../revamp/css/eurlex.css?v=2.17.0"> <link rel="stylesheet" media="all" href="./../../../../revamp/css/eurlex-dev.css?v=2.17.0"> <link rel="stylesheet" media="all" href="./../../../../revamp/css/js-offcanvas.css?v=2.17.0"> <link rel="stylesheet" media="all" href="./../../../../css/eurlex-xml-editorial-content.css?t=1732725276000"> <link rel="stylesheet" media="all" href="./../../../../css/oj/oj-convex-act-embedded.css?t=1676463149000"> <link rel="stylesheet" media="print" href="./../../../../css/eurlex-print.css?t=1717166945000"> <script>(function(w,d,u){w.readyQ=[];w.bindReadyQ=[];function p(x,y){if(x=="ready"){w.bindReadyQ.push(y);}else{w.readyQ.push(x);}};var a={ready:p,bind:p};w.$=w.jQuery=function(f){if(f===d||f===u){return a}else{p(f)}}})(window,document)</script> <script type="text/javascript" src="./../../../../dynamic-js/eli_subdivisions_en.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../dynamic-js/labels_en.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../dynamic-js/WT_labels_en.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../dynamic-js/config.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../dynamic-js/const.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../dynamic-js/paths.js?requestURL=%2Feli%2Freg_impl%2F2024%2F2690%2Foj"></script> <script type="text/javascript"> var legislativeUrl = 'http://old.eur-lex.europa.eu/en/techleg/index.htm'; var eurovocUrl = 'http://eurovoc.europa.eu/drupal/'; var interStyleGuideUrl = 'http://publications.europa.eu/code/en/en-000100.htm'; var sessionExpired = false; var pageUrl = ''; var queryString = 'eliuri=eli:reg_impl:2024:2690:oj'; var sessionTimeout = '900000'; </script> <!-- [if lt IE 9]> <script src="js/html5shiv.min.js"></script> <script src="js/respond.min.js"></script> <![endif] --> <link rel="shortcut icon" href="./../../../../images/eurlex.ico"/> <link rel="canonical" href="https://eur-lex.europa.eu/eli/reg_impl/2024/2690/oj/eng"/> <link rel="alternate" type="application/pdf" href="https://eur-lex.europa.eu/eli/reg_impl/2024/2690/oj/eng/pdf"/> <link rel="stylesheet" media="all" href="./../../../../revamp/css/custom-infinite-scroll.css?v=2.17.0"> <link rel="stylesheet" media="all" href="./../../../../revamp/components/vendor/ec/eu-preset-v4.1.1/styles/ecl-eu.css?v=2.17.0"> <link rel="stylesheet" media="all" href="./../../../../revamp/css/eurlex-ec.css?v=2.17.0"> <script type="text/javascript" src="./../../../../js/survey/survey.js?v=2.17.0"></script> </head> <body > <script type="application/json">{ "utility": "cck", "url": "https://eur-lex.europa.eu/content/legal-notice/legal-notice.html?locale=en#5.%20Cookies%20notice" }</script> <input type="hidden" id="piwikProSiteID" value="0b5594a8-b9c8-4cd6-aa25-5c578dcf91df"> <input type="hidden" id="piwikProSummariesSiteID" value="46acaa7c-2394-428f-b054-103dec22b689"> <script type="text/javascript"> document.addEventListener('DOMContentLoaded', function () { (function(window, document, dataLayerName, id) { window[dataLayerName]=window[dataLayerName]||[],window[dataLayerName].push({start:(new Date).getTime(),event:"stg.start"});var scripts=document.getElementsByTagName('script')[0],tags=document.createElement('script'); function stgCreateCookie(a,b,c){var d="";if(c){var e=new Date;e.setTime(e.getTime()+24*c*60*60*1e3),d="; expires="+e.toUTCString();f="; SameSite=Strict"}document.cookie=a+"="+b+d+f+"; path=/"} var isStgDebug=(window.location.href.match("stg_debug")||document.cookie.match("stg_debug"))&&!window.location.href.match("stg_disable_debug");stgCreateCookie("stg_debug",isStgDebug?1:"",isStgDebug?14:-1); var qP=[];dataLayerName!=="dataLayer"&&qP.push("data_layer_name="+dataLayerName),isStgDebug&&qP.push("stg_debug");var qPString=qP.length>0?("?"+qP.join("&")):""; tags.async=!0,tags.src="https://analytics.webanalytics.op.europa.eu/containers/"+id+".js"+qPString,scripts.parentNode.insertBefore(tags,scripts); !function(a,n,i){a[n]=a[n]||{};for(var c=0;c<i.length;c++)!function(i){a[n][i]=a[n][i]||{},a[n][i].api=a[n][i].api||function(){var a=[].slice.call(arguments,0);"string"==typeof a[0]&&window[dataLayerName].push({event:n+"."+i+":"+a[0],parameters:[].slice.call(arguments,1)})}}(i[c])}(window,"ppms",["tm","cm"]); })(window, document, 'dataLayer','0b5594a8-b9c8-4cd6-aa25-5c578dcf91df'); }, { once: true }); </script> <!-- // GENERAL Modal which is used by all the dynamic loading modal cases. --> <div class="modal fade EurlexModal" id="myModal" tabindex="-1" role="dialog" aria-labelledby="DemoModal02Title"> <div class="modal-dialog modal-lg" role="document"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button> <div class="modal-title" role="heading" aria-level="1" id="DemoModal02Title"></div> </div><!-- modal-header --> <div class="modal-body"> </div><!-- modal-body --> </div><!-- modal-content --> </div><!-- modal-dialog --> </div><!-- modal --> <div class="Wrapper clearfix"> <a class="sr-only sr-only-focusable SkipLink" href="#MainContent">Skip to main content</a> <div> <header id="op-header" class="ecl-site-header header-refinement box-shadow-removal" data-ecl-auto-init="SiteHeader"> <div class="ecl-site-header__background"> <div class="ecl-site-header__header"> <div class="ecl-site-header__container ecl-container upper-header-border header-width-override"> <div class="ecl-site-header__top" data-ecl-site-header-top> <a id="homepageLogo" href="https://european-union.europa.eu/index_en" class="ecl-link ecl-link--standalone ecl-site-header__logo-link" ariaLabel="aria-label=European Union"> <picture class="ecl-picture ecl-site-header__picture" title="European Union"> <source srcset="./../../../../revamp/components/vendor/ec/eu-preset-v4.1.1/images/logo/standard-version/positive/logo-eu--en.svg" media="(min-width: 996px)"> <img class="ecl-site-header__logo-image eu-logo-size" src="./../../../../revamp/components/vendor/ec/eu-preset-v4.1.1/images/logo/condensed-version/positive/logo-eu--en.svg" alt="European Union flag" /> </picture> </a> <div class="ecl-site-header__action"> <div class="dropdown ecl-site-header__login-container"> <a id="MyEurlex" class="ecl-button ecl-button--tertiary ecl-site-header__login-toggle dropdown-toggle login-lang-text-size" href="#" data-toggle="dropdown" aria-haspopup="true" > <svg class="ecl-icon ecl-icon--s ecl-site-header__icon login-lang-image-size" focusable="false" aria-hidden="false" role="img" "> <use alt="Log in" xlink:href="./../../../../revamp/components/vendor/ec/eu-preset-v4.1.1/images/icons/svg/all/log-in.svg#log-in"/> <title>Log in</title> </svg> My EUR-Lex </a> <div class="dropdown-menu MyAccount" role="menu" aria-labelledby="MyEurlex"> <li class="dropdown-header visible-xs-block">My EUR-Lex</li> <li> <a href="./../../../../protected/homepage.html?url=%2Feli%2Freg_impl%2F2024%2F2690%2Foj" ><i class="fa fa-sign-in" aria-hidden="true"></i>Sign in</a> </li> <li><a href="https://ecas.ec.europa.eu/cas/eim/external/register.cgi/"><i class="fa fa-user-plus" aria-hidden="true"></i>Register</a></li> <li role="separator" class="divider"></li> <li> <a href="./../../../../my-eurlex/my-queries.html#recentQueries" title="My recent searches (0)" id="myRecentQueriesLink" ><i class="fa fa-history" aria-hidden="true"></i>My recent searches (0)</a> </li> </div> </div> <div id="op-header-language" class="ecl-site-header__language"> <a class="ecl-button ecl-button--tertiary ecl-site-header__language-selector login-lang-text-size" href="#" data-ecl-language-selector role="button" aria-label="Change language, current language is English" aria-controls="language-list-overlay"> <span class="ecl-site-header__language-icon"> <svg class="ecl-icon ecl-icon--s ecl-site-header__icon login-lang-image-size" focusable="false" aria-hidden="false" role="img" "> <use xlink:href="./../../../../revamp/components/vendor/ec/eu-preset-v4.1.1/images/icons/svg/all/global.svg#global"/use> <title>English</title> </svg> </span> English </a> <div class="ecl-site-header__language-container" id="language-list-overlay" hidden data-ecl-language-list-overlay aria-labelledby="ecl-site-header__language-title" role="dialog"> <div class="ecl-site-header__language-header"> <div class="ecl-site-header__language-title" id="ecl-site-header__language-title"> Select your language </div> <button id="languageButtonClose" class="ecl-button ecl-button--tertiary" type="submit" data-ecl-language-list-close> <span class="ecl-button__container"> <span class="ecl-button__label" data-ecl-label="true"></span> <svg class="ecl-icon ecl-icon--l ecl-button__icon lang-panel-close" focusable="false" aria-hidden="true" data-ecl-icon> <use alt="Close button" xlink:href="./../../../../revamp/components/vendor/ec/eu-preset-v4.1.1/images/icons/svg/all/close-filled.svg#close-filled"/> </svg> </span> </button> </div> <hr class="lang-box-divisor"/> <div class="ecl-site-header__language-content"> <div class="ecl-site-header__language-category" data-ecl-language-list-eu> <div class="ecl-site-header__language-category-title"> Official EU languages: </div> <form id="languageForm" method="get" name="languageForm"> <input type="hidden" name="eliuri" value="eli:reg_impl:2024:2690:oj"></input> <ul class="ecl-site-header__language-list"> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;bg&#039;); $(this).closest(&#039;form&#039;).submit();" id="bg" lang=bg hreflang=bg ><span class="ecl-site-header__language-link-code">bg</span><span class="ecl-site-header__language-link-label">български</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;es&#039;); $(this).closest(&#039;form&#039;).submit();" id="es" lang=es hreflang=es ><span class="ecl-site-header__language-link-code">es</span><span class="ecl-site-header__language-link-label">Español</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;cs&#039;); $(this).closest(&#039;form&#039;).submit();" id="cs" lang=cs hreflang=cs ><span class="ecl-site-header__language-link-code">cs</span><span class="ecl-site-header__language-link-label">Čeština</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;da&#039;); $(this).closest(&#039;form&#039;).submit();" id="da" lang=da hreflang=da ><span class="ecl-site-header__language-link-code">da</span><span class="ecl-site-header__language-link-label">Dansk</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;de&#039;); $(this).closest(&#039;form&#039;).submit();" id="de" lang=de hreflang=de ><span class="ecl-site-header__language-link-code">de</span><span class="ecl-site-header__language-link-label">Deutsch</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;et&#039;); $(this).closest(&#039;form&#039;).submit();" id="et" lang=et hreflang=et ><span class="ecl-site-header__language-link-code">et</span><span class="ecl-site-header__language-link-label">Eesti keel</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;el&#039;); $(this).closest(&#039;form&#039;).submit();" id="el" lang=el hreflang=el ><span class="ecl-site-header__language-link-code">el</span><span class="ecl-site-header__language-link-label">Ελληνικά</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;en&#039;); $(this).closest(&#039;form&#039;).submit();" id="en" lang=en hreflang=en ><span class="ecl-site-header__language-link-code">en</span><span class="ecl-site-header__language-link-label">English</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;fr&#039;); $(this).closest(&#039;form&#039;).submit();" id="fr" lang=fr hreflang=fr ><span class="ecl-site-header__language-link-code">fr</span><span class="ecl-site-header__language-link-label">Français</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;ga&#039;); $(this).closest(&#039;form&#039;).submit();" id="ga" lang=ga hreflang=ga ><span class="ecl-site-header__language-link-code">ga</span><span class="ecl-site-header__language-link-label">Gaeilge</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;hr&#039;); $(this).closest(&#039;form&#039;).submit();" id="hr" lang=hr hreflang=hr ><span class="ecl-site-header__language-link-code">hr</span><span class="ecl-site-header__language-link-label">Hrvatski</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;it&#039;); $(this).closest(&#039;form&#039;).submit();" id="it" lang=it hreflang=it ><span class="ecl-site-header__language-link-code">it</span><span class="ecl-site-header__language-link-label">Italiano</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;lv&#039;); $(this).closest(&#039;form&#039;).submit();" id="lv" lang=lv hreflang=lv ><span class="ecl-site-header__language-link-code">lv</span><span class="ecl-site-header__language-link-label">Latviešu valoda</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;lt&#039;); $(this).closest(&#039;form&#039;).submit();" id="lt" lang=lt hreflang=lt ><span class="ecl-site-header__language-link-code">lt</span><span class="ecl-site-header__language-link-label">Lietuvių kalba</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;hu&#039;); $(this).closest(&#039;form&#039;).submit();" id="hu" lang=hu hreflang=hu ><span class="ecl-site-header__language-link-code">hu</span><span class="ecl-site-header__language-link-label">Magyar</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;mt&#039;); $(this).closest(&#039;form&#039;).submit();" id="mt" lang=mt hreflang=mt ><span class="ecl-site-header__language-link-code">mt</span><span class="ecl-site-header__language-link-label">Malti</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;nl&#039;); $(this).closest(&#039;form&#039;).submit();" id="nl" lang=nl hreflang=nl ><span class="ecl-site-header__language-link-code">nl</span><span class="ecl-site-header__language-link-label">Nederlands</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;pl&#039;); $(this).closest(&#039;form&#039;).submit();" id="pl" lang=pl hreflang=pl ><span class="ecl-site-header__language-link-code">pl</span><span class="ecl-site-header__language-link-label">Polski</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;pt&#039;); $(this).closest(&#039;form&#039;).submit();" id="pt" lang=pt hreflang=pt ><span class="ecl-site-header__language-link-code">pt</span><span class="ecl-site-header__language-link-label">Português</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;ro&#039;); $(this).closest(&#039;form&#039;).submit();" id="ro" lang=ro hreflang=ro ><span class="ecl-site-header__language-link-code">ro</span><span class="ecl-site-header__language-link-label">Română</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;sk&#039;); $(this).closest(&#039;form&#039;).submit();" id="sk" lang=sk hreflang=sk ><span class="ecl-site-header__language-link-code">sk</span><span class="ecl-site-header__language-link-label">Slovenčina</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;sl&#039;); $(this).closest(&#039;form&#039;).submit();" id="sl" lang=sl hreflang=sl ><span class="ecl-site-header__language-link-code">sl</span><span class="ecl-site-header__language-link-label">Slovenščina</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;fi&#039;); $(this).closest(&#039;form&#039;).submit();" id="fi" lang=fi hreflang=fi ><span class="ecl-site-header__language-link-code">fi</span><span class="ecl-site-header__language-link-label">Suomi</span></a> </li> <li class="ecl-site-header__language-item"> <a href="#" class="ecl-link ecl-link--standalone ecl-link--no-visited ecl-site-header__language-link" onclick="$(&#039;#langToSubmit&#039;).val(&#039;sv&#039;); $(this).closest(&#039;form&#039;).submit();" id="sv" lang=sv hreflang=sv ><span class="ecl-site-header__language-link-code">sv</span><span class="ecl-site-header__language-link-label">Svenska</span></a> </li> </ul> <input type="hidden" name="locale" id="langToSubmit" value=""> </form> </div> </div> </div> </div> </div> </div> </div> <div class="ecl-site-header__container ecl-container header-width-override bottom-header-padding"> <div class="container-fluid container-width"> <div class="row"> <div class="col-xs-8 ecl-container-padding-removal"> <div id="small-vertical-blue-divisor-with-label" class="ecl-site-header__site-name site-header eurlex-text-size"> <div> <a href="./../../../../homepage.html?lang=en" class="header-link" id="authenticationRequiredSignIn" > EUR-Lex </a> </div> <div class="site-name-tagline"> Access to European Union law </div> </div> </div> <div class="experimental-feature-tag"> <div class=" col-xs-4 experimental-feature-wrapper radius5p"> <form id="disableExperimentalFeatures" name="disableExperimentalFeatures" action="./../../../../experimental-features.html?action=disableExperimentalFeatures" method="post"> <input type="hidden" value="eli/reg_impl/2024/2690/oj" name="relativeRequestUrl" /> <input type="hidden" value="" name="queryString" /> <div class="input-group input-group-sm experimental-feature-div-position radius5p"> <span class="input-group-addon FormHelpAddon" id ="helpTooltipEF"> <a href="#" data-toggle="tooltip" data-placement="bottom" aria-description="&lt;a href=&quot;https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html&quot; target=&quot;_blank&quot;&gt;More about the experimental features corner&lt;/a&gt;" id="expFeatHelp" data-original-title="&lt;a href=&quot;https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html&quot; target=&quot;_blank&quot;&gt;More about the experimental features corner&lt;/a&gt;"> <i> <svg class="ef-questionmark-icon" focusable="false" aria-hidden="false" role="img" "> <use xlink:href="./../../../../revamp/components/vendor/ec/eu-preset-v4.1.1/images/icons/svg/all/questionmark.svg#questionmark"/> </svg> </i> <span class="sr-only togglable-screenReader">&lt;a href=&quot;https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html&quot; target=&quot;_blank&quot;&gt;More about the experimental features corner&lt;/a&gt;</span> </a> </span> <span title="Experimental features" aria-label="Experimental features" class="btn btn-sm btn-primary popper experimental-feature-btn radius5p"> <span class="hidden-xs">Experimental features</span> <span class="visible-xs"><i class="fa fa-flask" aria-hidden="true"></i></span> <label class="experimental-feature-switch"> <input type="checkbox" id="ef-checkbox" data-toggle="popover" data-placement="bottom" aria-label="Experimental features" > <span class="slider round"></span> </label> </span> </div> <div> <input type="hidden" name="_csrf" value="93c6bf11-ac2d-4e46-af3e-893dc733a7e7" /> </div></form> <form id="applyExperimentalFeatures" name="applyExperimentalFeatures" action="./../../../../experimental-features.html?action=applyExperimentalFeatures" method="post"> <input type="hidden" value="eli/reg_impl/2024/2690/oj" name="relativeRequestUrl" /> <input type="hidden" value="" name="queryString" /> <div class="exp-feature-float-box popover fade in"> <button type="button" class="close" id="experimental-feature-close" aria-label="Close"><span aria-hidden="true">×</span></button> <div> <h5 class="text-center">Choose the experimental features you want to try</h5> <hr> <div class="homepageMessage experimental-feature-disclaimer hidden-xs"> <p>Do you want to help improving EUR-Lex ? This is a list of experimental features that you can enable. These features are still under development; they are not fully tested, and might reduce EUR-Lex stability. Don&#39;t forget to give your feedback!</p> </div> <div id="exp-feautre-js-warning-box" class="alert-danger exp-feature-alert-danger hidden" role="alert"> <span class="fa fa-exclamation-triangle" aria-hidden="true">&nbsp;</span> Warning! Experimental feature conflicts detected. </div> <div class="experimental-feature-list"> <fieldset> <ul class="browseTree " id="experimental-features-inner-items"> <li> <ul class="browseTree"> <li> <label class=""> <input id="experimentalFeatureCheckbox_EF02" name="selectedExperimentExperimentalFeaturesValues" autocomplete="off" class="exp-feature-child-checkbox" type="checkbox" value="EF02"/><input type="hidden" name="_selectedExperimentExperimentalFeaturesValues" value="on"/> Replacement of CELEX identifiers by short titles - experimental feature. It replaces clickable CELEX identifiers of treaties and case-law by short titles. </label> </li> <li> <label class=""> <input id="experimentalFeatureCheckbox_EF03" name="selectedExperimentExperimentalFeaturesValues" autocomplete="off" class="exp-feature-child-checkbox" type="checkbox" value="EF03"/><input type="hidden" name="_selectedExperimentExperimentalFeaturesValues" value="on"/> Visualisation of document relationships. It displays a dynamic graph with relations between the act and related documents. It is currently only available for legal acts. </label> </li> </ul> </li> <li> <ul class="browseTree"> <li> <label class=""> <input id="experimentalFeatureCheckbox_EF01" name="selectedExperimentExperimentalFeaturesValues" autocomplete="off" class="exp-feature-child-checkbox" type="checkbox" value="EF01"/><input type="hidden" name="_selectedExperimentExperimentalFeaturesValues" value="on"/> Deep linking. It enables links to other legal acts referred to within the documents. It is currently only available for documents smaller than 900 KB. </label> </li> </ul> </li> </ul> </fieldset> </div> <div> <button id="exp-feature-btn-apply" type="submit" class="btn btn-sm btn-primary radius5p"> Apply </button> </div> </div> </div> <div> <input type="hidden" name="_csrf" value="93c6bf11-ac2d-4e46-af3e-893dc733a7e7" /> </div></form> <a href="./../../../../experimental-features.html?action=confirmFeedback" class="eurlexModal btn btn-primary btn-sm hidden" id="link-give-feedback" ></a> </div> </div> <script type="text/javascript"> $(document).ready(function() { var conflicts = {}; initializeFloatingBox(conflicts,$(document).find('.exp-feature-child-checkbox'),""); var expOriginalTooltip = $('#expFeatHelp').attr('aria-description'); expOriginalTooltip = expOriginalTooltip.replace(/(<([^>]+)>)/ig,''); $('#expFeatHelp').attr('aria-description',expOriginalTooltip); }); </script> </div> <div id="horizontal-blue-divisor" class="row blue-divisor-padding"> <div class="container-fluid lower-header-border blue-horizontal-margin"></div> </div> </div> </div> </div> </div> </header> <div id="op-header-pdf" class="visible-print-block"> <div class="ecl-site-header__background"> <div class="ecl-site-header__header"> <div class="ecl-site-header__container ecl-container upper-header-border header-width-override pdf-logo-img-container"> <div class="ecl-site-header__top" data-ecl-site-header-top> <img class="ecl-site-footer__logo-image pdf-logo-img" src="./../../../../images/eu-logo/logo-eu-en-01.jpg" > </div> </div> <div class="ecl-site-header__container ecl-container header-width-override"> <div class="container-fluid container-width elx-container-rows-pdf"> <div class="row elx-container-pdf"> <div class="col-xs-8 ecl-container-padding-removal"> <div class="ecl-site-header__site-name site-header"> <div class="elx-label-pdf"> EUR-Lex </div> <div class="elx-label-text-pdf site-name-tagline"> Access to European Union law </div> </div> </div> </div> <div class="row blue-divisor-padding"> <div class="container-fluid lower-header-border lower-header-border-pdf blue-horizontal-margin"></div> </div> </div> </div> </div> </div> <div class="op-site-subtitle-pdf"> <p class="subtitle-extraction-info-pdf"> This document is an excerpt from the EUR-Lex website </p> <div class="subtitle-url-info-pdf"> </div> </div> </div> <script type="text/javascript"> var home_lang = en; $(document).ready(function(){ svg4everybody({ polyfill: true }); ECL.autoInit(); }); $(document).ready(function(){ $(".ecl-site-header__language-link--active").removeClass("ecl-site-header__language-link--active"); $(home_lang).addClass("ecl-site-header__language-link--active"); }); </script> <div class="left-right-padding"> <div class="row ecl-container ecl-container-padding-removal"> <div class="col-md-8 breadcrumbs-padding"> <div class="SiteBreadcrumb"> <span class="sr-only">You are here</span> <ol class="fa-ul notBootstrapBreadcrumb hidden-xs hidden-sm"> <li><a target="_blank" href="https://europa.eu/european-union/index_en">EUROPA</a></li> <li class="breadcrumbPathItemWithArrow"> <a href="./../../../../homepage.html" title="EUR-Lex home" ><i class="fa-li fa fa-angle-right"></i>EUR-Lex home</a> </li> <li class="active"><i class="fa-li fa fa-angle-right"></i>Implementing regulation - EU - 2024/2690 - EN - EUR-Lex </li> </ol> </div><!-- SiteBreadcrumb --> </div> <div class="col-md-4 ShareBar breadcrumbs-padding"> <div class="PageShare"> <ul> <li class="hidden-xs hidden-sm"> <a href="./../../../../content/help.html" class="PSHelp EurlexTooltip" aria-description = "Help" data-toggle="tooltip" title="Help" data-original-title="Help" ><svg class="ecl-icon ecl-icon--s faq-image-size" focusable="false" aria-hidden="false" role="img"><use xlink:href="./../../../../revamp/components/vendor/ec/eu-preset-v4.1.1/images/icons/svg/all/faq.svg#faq" /></svg>Help</a> </li> <li class="hidden-xs hidden-sm"> <button data-target="./../../../../eli/reg_impl/2024/2690/oj?eliuri=eli:reg_impl:2024:2690:oj&amp;print=true" onclick="window.open('./../../../../eli/reg_impl/2024/2690/oj?eliuri=eli:reg_impl:2024:2690:oj&amp;print=true','','scrollbars=yes,menubar=no, status=no, directories=no, location=no, resizable=no, width=1024, height=600');return false;" target="_blank" class="PSPrint EurlexTooltip" data-toggle="tooltip" title="Print" aria-description="Print" data-original-title="Print this page"> <i class="fa fa-print" aria-hidden="true"></i> Print </button> </li> <li class="shareApi"> <script type="application/json">{ "service": "share", "counter": false, "css": { "button": "myButton" }, "link": "https://eur-lex.europa.eu/eli/reg_impl/2024/2690/oj/eng" }</script> </li> </ul> <script type="text/javascript"> $(document).ready(function () { let observer = new MutationObserver((mutations) => { mutations.forEach((mutation) => { if (!mutation.addedNodes) return for (let i = 0; i < mutation.addedNodes.length; i++) { let node = mutation.addedNodes[i] if( $(node) != undefined && $(node).is("a") && $(node).hasClass("myButton") && $(node).find("i").length===0){ $(node).prepend("<i class='fa fa-share-alt' aria-hidden='true'></i>") observer.disconnect(); } } }) }) const target = $('.PageShare').get(0); observer.observe(target, { subtree: true, childList: true }) }); $(document).ready(function() { // Function to check viewport width and execute code if it drops below 991px function checkWidth() { if ($(window).width() <= 991) { $('a[href="#share"]').html("<i class='fa fa-share-alt' aria-hidden='true'></i>"); } } // Check width on page load checkWidth(); // Check width on window resize $(window).resize(function() { checkWidth(); }); }); </script> </div> </div> </div> <div class="NavSearch"> <div class="row"> <div class="col-xs-2 dropdown EurlexNav"> <button type="button" class="btn btn-primary btn-block" id="EurlexNavBtn" title="EUR-Lex menu" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" aria-label="Open Navigation Menu"><i class="fa fa-bars" aria-hidden="true"></i><span class="hidden-xs">Menu</span></button><div class="dropdown-menu MegaMenu" aria-labelledby="EurlexNavBtn"> <div class="row"> <div class="col-sm-6 col-md-4"> <nav class="MenuBlock "> <p class="BlockTitle" role="heading">EU law</p> <ul class="MenuList TreeMenu"> <li><a href="#" class="has-arrow" aria-expanded="false" id="treaties" title="Treaties"><i class="fa fa-angle-right" aria-hidden="true"></i>Treaties</a><ul class="collapse"> <li class=""><a href="./../../../../collection/eu-law/treaties/treaties-force.html" id="treaties-force" title="Treaties currently in force">Treaties currently in force</a></li> <li class=""><a href="./../../../../collection/eu-law/treaties/treaties-founding.html" id="treaties-founding" title="Founding treaties">Founding treaties</a></li> <li class=""><a href="./../../../../collection/eu-law/treaties/treaties-accession.html" id="treaties-accession" title="Accession Treaties">Accession Treaties</a></li> <li class=""><a href="./../../../../collection/eu-law/treaties/treaties-other.html" id="treaties-other" title="Other treaties and protocols">Other treaties and protocols</a></li> <li class=""><a href="./../../../../collection/eu-law/treaties/treaties-overview.html" id="treaties-overview" title="Chronological overview">Chronological overview</a></li> </ul> </li> <li class=""><a href="./../../../../collection/eu-law/legal-acts/recent.html" class="no-arrow" id="recent" title="Legal acts">Legal acts</a></li> <li class=""><a href="./../../../../collection/eu-law/consleg.html" class="no-arrow" id="consolidated-texts" title="Consolidated texts">Consolidated texts</a></li> <li class=""><a href="./../../../../collection/eu-law/inter-agree.html" class="no-arrow" id="inter-agree" title="International agreements">International agreements</a></li> <li class=""><a href="./../../../../collection/eu-law/pre-acts.html" class="no-arrow" id="working-documents" title="Preparatory documents">Preparatory documents</a></li> <li class=""><a href="./../../../../collection/eu-law/efta.html" class="no-arrow" id="efta" title="EFTA (European Free Trade Association) documents">EFTA documents</a></li> <li class=""><a href="./../../../../collection/legislative-procedures.html" class="no-arrow" id="procedures" title="Lawmaking procedures and EU Law Tracker">Lawmaking procedures</a></li> <li class=""><a href="./../../../../browse/summaries.html" class="no-arrow" id="summary" title="Summaries of EU legislation">Summaries of EU legislation</a></li> <li><a href="#" class="has-arrow" aria-expanded="false" id="institutions-intro" title="Browse by EU institutions"><i class="fa fa-angle-right" aria-hidden="true"></i>Browse by EU institutions</a><ul class="collapse"> <li class=""><a href="./../../../../browse/institutions/eu-parliament.html" id="eu-parliament" title="European Parliament">European Parliament</a></li> <li class=""><a href="./../../../../browse/institutions/eu-council.html" id="European-Council" title="European Council">European Council</a></li> <li class=""><a href="./../../../../browse/institutions/council.html" id="Council" title="Council of the European Union">Council of the European Union</a></li> <li class=""><a href="./../../../../browse/institutions/eu-commission.html" id="European-Commission" title="European Commission">European Commission</a></li> <li class=""><a href="./../../../../browse/institutions/justice.html" id="Court-of-Justice-of-the-European-Union" title="Court of Justice of the European Union">Court of Justice of the European Union</a></li> <li class=""><a href="./../../../../browse/institutions/bank.html" id="European-Central-Bank" title="European Central Bank">European Central Bank<i class="fa fa-bar-chart" aria-hidden="true" style="margin-left:5px;"></i></a></li> <li class=""><a href="./../../../../browse/institutions/auditors.html" id="Court-of-Auditors" title="European Court of Auditors">European Court of Auditors</a></li> <li class=""><a href="./../../../../browse/institutions/eco-social.html" id="EESC" title="European Economic and Social Committee">European Economic and Social Committee</a></li> <li class=""><a href="./../../../../browse/institutions/regions.html" id="Committee-of-Regions" title="European Committee of the Regions">European Committee of the Regions</a></li> </ul> </li> <li class=""><a href="./../../../../browse/eurovoc.html" class="no-arrow" id="eurovoc" title="Browse by EuroVoc (EU's multilingual and multidisciplinary thesaurus)">Browse by EuroVoc</a></li> </ul> </nav> </div> <div class="col-sm-6 col-md-4"> <nav class="MenuBlock "> <p class="BlockTitle" role="heading">EU case-law</p> <ul class="MenuList"> <li class=""><a href="./../../../../collection/eu-law/eu-case-law.html" class="no-arrow" id="case-law" title="Case-law">Case-law</a></li> <li class=""><a href="./../../../../collection/eu-law/eu-case-law/reports.html" class="no-arrow" id="electronic-report" title="Reports of cases">Reports of cases</a></li> <li class=""><a href="./../../../../browse/directories/new-case-law.html" class="no-arrow" id="directory-eu-case-law" title="Directory of case-law">Directory of case-law</a></li> </ul> </nav> </div> <div class="col-sm-6 col-md-4"> <nav class="MenuBlock "> <p class="BlockTitle" role="heading">Official Journal</p> <ul class="MenuList"> <li class=""><a href="./../../../../oj/direct-access.html" class="no-arrow" id="direct-access" title="Access the Official Journal">Access the Official Journal</a></li> <li class=""><a href="./../../../../oj/daily-view/L-series/default.html" class="no-arrow" id="L-series" title="Official Journal L series daily view">Official Journal L series daily view</a></li> <li class=""><a href="./../../../../oj/daily-view/C-series/default.html" class="no-arrow" id="C-series" title="Official Journal C series daily view">Official Journal C series daily view</a></li> <li class=""><a href="./../../../../oj/browse-oj.html" class="no-arrow" id="boj" title="Browse the Official Journal">Browse the Official Journal</a></li> <li class=""><a href="./../../../../oj/all/auth-direct-access.html" class="no-arrow" id="auth-direct-access" title="Legally binding printed editions">Legally binding printed editions</a></li> <li class=""><a href="./../../../../eu-enlargement/special.html" class="no-arrow" id="se" title="Special editions">Special editions</a></li> </ul> </nav> </div> <div class="col-sm-6 col-md-4 col-break-sm"> <nav class="MenuBlock "> <p class="BlockTitle" role="heading">National law and case-law</p> <ul class="MenuList"> <li class=""><a href="./../../../../collection/n-law/mne.html" class="no-arrow" id="mne" title="National transposition">National transposition</a></li> <li class=""><a href="./../../../../collection/n-law/n-case-law.html" class="no-arrow" id="n-case-law" title="National case-law">National case-law</a></li> <li class=""><a href="./../../../../collection/n-law/jure.html" class="no-arrow" id="JURE" title="JURE (Jurisdiction, recognition and enforcement of judgments in civil and commercial matters) case-law">JURE case-law</a></li> </ul> </nav> </div> <div class="col-sm-6 col-md-4"> <nav class="MenuBlock "> <p class="BlockTitle" role="heading">Information</p> <ul class="MenuList TreeMenu"> <li class=""><a href="./../../../../content/news/index.html" class="no-arrow" id="Themes_in_focus" title="Themes in focus">Themes in focus</a></li> <li class=""><a href="./../../../../content/development/index.html" class="no-arrow" id="developmentsEUR-Lex" title="EUR-Lex developments">EUR-Lex developments</a></li> <li class=""><a href="./../../../../statistics/statistics.html" class="no-arrow" id="statistic" title="Statistics">Statistics</a></li> <li><a href="#" class="has-arrow" aria-expanded="false" id="eli-register-nav" title="ELI (European Legislation Identifier) register"><i class="fa fa-angle-right" aria-hidden="true"></i>ELI register</a><ul class="collapse"> <li class=""><a href="./../../../../eli-register/about.html" id="about" title="About ELI">About ELI</a></li> <li class=""><a href="./../../../../eli-register/technical_information.html" id="technical_information" title="Technical information">Technical information</a></li> <li class=""><a href="./../../../../eli-register/implementation.html" id="implementation" title="ELI implementation overview">ELI implementation overview</a></li> <li class=""><a href="./../../../../eli-register/resources.html" id="resources" title="Resources for implementing ELI">Resources for implementing ELI</a></li> <li class=""><a href="./../../../../eli-register/index.html" id="index" title="ELI highlights">ELI highlights</a></li> <li class=""><a href="./../../../../eli-register/testimonials.html" id="testimonials" title="ELI testimonials">ELI testimonials</a></li> <li class=""><a href="./../../../../eli-register/legis_schema_org.html" id="legis_schema_org" title="Legislation in schema.org">Legislation in schema.org</a></li> </ul> </li> <li class=""><a href="./../../../../budget/www/index-en.htm" class="no-arrow" id="EU_budget" title="EU budget online">EU budget online</a></li> </ul> </nav> </div> </div> </div> </div> <div class="col-xs-10"> <div class="EurlexSearch"> <form id="quick-search" name="quick-search" class="DistinctiveForm QSF" action="./../../../../quick-search-form.html" method="post" onsubmit="showHourglass();" autocomplete="off"> <input id="editscope" type="hidden" name="scope" value="EURLEX"/> <div class="QuickSearch"> <label for="QuickSearchField"><i class="fa fa-search hidden-xs" aria-hidden="true"></i><span class="sr-only">Quick search</span></label> <textarea id="QuickSearchField" name="text" class="form-control NoBorders AutoGrow typeahead autocompleteField" data-provide="typeahead" placeholder="QUICK SEARCH" aria-describedby="QuickSearchHelp" rows="1" autocomplete="off"></textarea> <button class="btn btn-primary QuickSearchBtn" type="submit" title="Search" aria-label="Search"> <i class="fa fa-search" aria-hidden="true"></i> </button> </div> <div class="DistinctiveFormMessage EurlexTooltip" tabindex="0" data-toggle="tooltip" title="Please clear the other quick search options before using this one"></div> <div> <input type="hidden" name="_csrf" value="93c6bf11-ac2d-4e46-af3e-893dc733a7e7" /> </div></form> <div class="QuickSearchOptions fade sr-only"> <div id="QuickSearchHelp"> <i class="fa fa-info" aria-hidden="true"></i> Use quotation marks to search for an &quot;exact phrase&quot;. Append an asterisk (<abbr title='Asterisk'>*</abbr>) to a search term to find variations of it (transp<abbr title='Asterisk'>*</abbr>, 32019R<abbr title='Asterisk'>*</abbr>). Use a question mark (<abbr title='Question mark'>?</abbr>) instead of a single character in your search term to find variations of it (ca<abbr title='Question mark'>?</abbr>e finds case, cane, care). </div> <button id="QuickSearchClose" type="button" class="close" aria-label="Close" onclick="closeQSHelp()"> <i class="fa fa-times" aria-hidden="true">&nbsp;</i> </button> </div> <div class="QSMore"> <div class="col-xs-4 text-left"> <a href="#" onclick="showQSHelpAlt()" title="Search tips" > <i class="fa fa-info-circle" aria-hidden="true">&nbsp;</i> Search tips </a> </div> <div class="col-xs-8 text-right"> <span class=" ">Need more search options? Use the</span> <a href="./../../../../advanced-search-form.html" title="Advanced search" >Advanced search</a> </div> </div> </div> </div> <script type="text/javascript"> $(document).ready(function() { var quickSearchFld = $('#QuickSearchField.autocompleteField'); typeaheadFld(quickSearchFld, "./../../../../autocomplete.html", true, 'QuickSearch'); }); var quickSearchHelpAlt="Use quotation marks to search for an &quot;exact phrase&quot;. Append an asterisk (<abbr title='Asterisk'>*</abbr>) to a search term to find variations of it (transp<abbr title='Asterisk'>*</abbr>, 32019R<abbr title='Asterisk'>*</abbr>). Use a question mark (<abbr title='Question mark'>?</abbr>) instead of a single character in your search term to find variations of it (ca<abbr title='Question mark'>?</abbr>e finds case, cane, care)."; var quickSearchHelp="Use quotation marks to search for an &quot;exact phrase&quot;. Append an asterisk (<abbr title='Asterisk'>*</abbr>) to a search term to find variations of it (transp<abbr title='Asterisk'>*</abbr>, 32019R<abbr title='Asterisk'>*</abbr>). Use a question mark (<abbr title='Question mark'>?</abbr>) instead of a single character in your search term to find variations of it (ca<abbr title='Question mark'>?</abbr>e finds case, cane, care)."; </script> </div> </div> </div> <div class="left-right-padding"> <div id="MainContent"> <div class="PageTitle"> <div class="row"> <div class="col-xs-2 col-sm-1 visible-xs-block visible-sm-block"> <button type="button" class="btn btn-default btn-sm btn-block visible-xs-inline visible-sm-inline" data-toggle="offcanvas"> <i class="fa fa-ellipsis-v" aria-hidden="true"></i> </button> </div><!-- col --> <div class="col-xs-2 col-sm-1 visible-xs-block visible-sm-block"> </div> <div class="col-xs-5 col-sm-4 col-md-3 col-md-push-3 col-sm-push-4 col-xs-pull-2"> <p class="DocumentTitle pull-left">Document&nbsp;32024R2690</p> </div><!-- col --> <div class="col-sm-5 col-md-3 col-md-pull-3 hidden-xs col-sm-pull-5"> </div> <div class="col-xs-2 col-sm-1 col-md-6" > <div class="PageShare pageShareMobile"> <ul> <li class="hidden-xs hidden-sm"> <a href="./../../../../content/help.html" class="PSHelp EurlexTooltip" aria-description = "Help" data-toggle="tooltip" title="Help" data-original-title="Help" ><svg class="ecl-icon ecl-icon--s faq-image-size" focusable="false" aria-hidden="false" role="img"><use xlink:href="./../../../../revamp/components/vendor/ec/eu-preset-v4.1.1/images/icons/svg/all/faq.svg#faq" /></svg>Help</a> </li> <li class="hidden-xs hidden-sm"> <button data-target="./../../../../eli/reg_impl/2024/2690/oj?eliuri=eli:reg_impl:2024:2690:oj&amp;print=true" onclick="window.open('./../../../../eli/reg_impl/2024/2690/oj?eliuri=eli:reg_impl:2024:2690:oj&amp;print=true','','scrollbars=yes,menubar=no, status=no, directories=no, location=no, resizable=no, width=1024, height=600');return false;" target="_blank" class="PSPrint EurlexTooltip" data-toggle="tooltip" title="Print" aria-description="Print" data-original-title="Print this page"> <i class="fa fa-print" aria-hidden="true"></i> Print </button> </li> <li class="shareApi"> <script type="application/json">{ "service": "share", "counter": false, "css": { "button": "myButton" }, "link": "https://eur-lex.europa.eu/eli/reg_impl/2024/2690/oj/eng" }</script> </li> </ul> <script type="text/javascript"> $(document).ready(function () { let observer = new MutationObserver((mutations) => { mutations.forEach((mutation) => { if (!mutation.addedNodes) return for (let i = 0; i < mutation.addedNodes.length; i++) { let node = mutation.addedNodes[i] if( $(node) != undefined && $(node).is("a") && $(node).hasClass("myButton") && $(node).find("i").length===0){ $(node).prepend("<i class='fa fa-share-alt' aria-hidden='true'></i>") observer.disconnect(); } } }) }) const target = $('.PageShare').get(0); observer.observe(target, { subtree: true, childList: true }) }); $(document).ready(function() { // Function to check viewport width and execute code if it drops below 991px function checkWidth() { if ($(window).width() <= 991) { $('a[href="#share"]').html("<i class='fa fa-share-alt' aria-hidden='true'></i>"); } } // Check width on page load checkWidth(); // Check width on window resize $(window).resize(function() { checkWidth(); }); }); </script> </div> </div><!-- col --> </div> <!-- row --> </div> <div class="row row-offcanvas"> <div class="col-md-3 sidebar-offcanvas"> <div class="AffixSidebarWrapper"> <nav class="Sidebar" id="AffixSidebar"> <ul class="MenuList"> <li class="Selected"> <a href="./../../../../legal-content/EN/TXT/?uri=CELEX:32024R2690" > Text </a> <input type="hidden" id="selectedTabEnglishTranslationID_text" value="Text"> </li> <li > <a href="./../../../../legal-content/EN/ALL/?uri=CELEX:32024R2690" > Document information </a> <input type="hidden" id="selectedTabEnglishTranslationID_all" value="Document information"> </li> </ul> <ul class="SidebarTools"> <li> <a id="link-upToDate" href="http://data.europa.eu/eli/reg_impl/2024/2690" title="Link to the up-to-date version of the document and pending amendments if any"> <i class="fa fa-refresh" aria-hidden="true"></i> Up-to-date link </a> </li> <li> <a id="link-permanent-link" class="hidden-print hideInPdf" style="display:none" href="javascript:;" onclick="createCookie('bookmark','trigger',1); window.open('./../../../../eli/reg_impl/2024/2690/oj'+window.location.hash); return true;" title="Link to this version of the document"><i class="fa fa-bookmark" aria-hidden="true"></i>Permanent link</a> <a id="link-add-favorite" class="hidden-print hideInPdf" style="display:none" href="javascript:;" onclick="addFavorite(document.location.href,'EUR-Lex Document CELEX:32024R2690','./../../../../modal-message.html?labelIdTitle=favoriteError.pageTitle&labelIdContent=label.addFavoriteErrorMessage');" title="Bookmark this item"><i class="fa fa-bookmark" aria-hidden="true"></i>Bookmark this item</a> <script type="text/javascript"> $(document).ready(function () { if (readCookie('bookmark') == 'trigger') { deleteCookie('bookmark'); $('#link-add-favorite').addClass("onlyJsInlineBlock"); $('#link-add-favorite').show(); } else { // Permanent link (DISPLAYED FIST) should remove qid from query string, and bookmark link should be displayed in its place when page refreshes $('#link-permanent-link').addClass("onlyJsInlineBlock"); $('#link-permanent-link').show(); } }); </script> </li> <li class=" "> <a href="./../../../../download-notice.html?legalContentId=cellar:28f15de8-8ce9-11ef-a130-01aa75ed71a1&amp;noticeType=branch&amp;callingUrl=%2Feli%2Freg_impl%2F2024%2F2690%2Foj&amp;lng=EN" title="Download the document XML notice" id="link-download-notice" > <i class="fa fa-download" aria-hidden="true"></i> Download notice </a> </li> <li> <a href="./../../../../error/authentication-required.html?callingUrl=%2Feli%2Freg_impl%2F2024%2F2690%2Foj&amp;towardUrl=%2Fprotected%2Fsave-document.html%3FlegalContentId%3Dcellar%3A28f15de8-8ce9-11ef-a130-01aa75ed71a1%26callingUrl%3D%252Feli%252Freg_impl%252F2024%252F2690%252Foj" class="eurlexModal grayLink" title="Save documents on EUR-Lex for quick access. &lt;LIBELLE CODE=&#034;saveProcedure.label&#034;&gt;&lt;![CDATA[Save procedures on EUR-Lex for quick access. &lt;LIBELLE CODE=&#034;see.other.ACP-EU.sessions&#034;&gt;&lt;![CDATA[See other ACP-EU Joint Parliamentary Assembly sessions" id="link-save-document" > <i class="fa fa-sticky-note-o" aria-hidden="true"></i> Save to My items </a> </li> <li> <a href="./../../../../error/authentication-required.html?callingUrl=%2Fhomepage.html&amp;towardUrl=%2Fprotected%2Fsave-email-alert%2Fnotice-to-email.html%3FlegalContentId%3Dcellar%3A28f15de8-8ce9-11ef-a130-01aa75ed71a1%26callingUrl%3D%252Feli%252Freg_impl%252F2024%252F2690%252Foj%26isAddNoticeRSS%3Dtrue%26celex%3D32024R2690" class="eurlexModal grayLink" title="Follow this document via email notifications. To activate this feature, you need to sign in first." id="link-follow-document" > <i class="fa fa-bell-o" aria-hidden="true"></i> Create an email alert </a> </li> <li> <a href="./../../../../error/authentication-required.html?callingUrl=%2Fhomepage.html&amp;towardUrl=%2Fprotected%2Fsave-rss%2Fnotice-to-rss.html%3FlegalContentId%3Dcellar%3A28f15de8-8ce9-11ef-a130-01aa75ed71a1%26callingUrl%3D%252Feli%252Freg_impl%252F2024%252F2690%252Foj%26isAddNoticeRSS%3Dtrue%26celex%3D32024R2690" class="eurlexModal grayLink" title="Follow this document via RSS feeds." id="link-follow-document" > <i class="fa fa-rss" aria-hidden="true"></i> Create an RSS alert </a> </li> </ul> <div id="tocSidebar" class="hidden-xs hidden-sm"> <div class="tocWrapper"> <button id="tocBtn" class="btn btn-sm hidden" type="submit" onclick="generateTOC(false, 'To display the table of contents, zoom out or increase the size of your browser window.', 'Top', 'false');"> <span class="pull-left" onclick="$('#tocBtn').click();"> <span class="fa fa-list" aria-hidden="true">&nbsp;</span> Table of contents </span> </button> <button id="tocHideBtn" class="btn btn-sm hidden" type="submit" onclick="hideTOC($(this));"> <span class="pull-left"> <span class="fa fa-list" aria-hidden="true">&nbsp;</span> Hide table of contents </span> </button> </div> </div> </nav> </div> <!-- AffixSidebarWrapper --> </div> <div class="col-md-9" id="documentView"> <div class="EurlexContent"> <!-- panel-group that hosts all page panels --> <div class="panel-group" role="tablist" aria-multiselectable="true"> <!-- Transform the document notice xml with the corresponding xslt --> <div id="PP1Contents" class="" role="" aria-labelledby=""> <div class="" lang="EN"> <div id="translatedTitle" class="hidden"> ​ </div> <p id="englishTitle" class="hidden">Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024 laying down rules for the application of Directive (EU) 2022/2555 as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers</p> <p id="title" class="title-bold">Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024 laying down rules for the application of Directive (EU) 2022/2555 as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers</p> <p id="originalTitle" class="hidden">Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024 laying down rules for the application of Directive (EU) 2022/2555 as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers</p> <p>C/2024/7151</p> <p> <em>OJ L, 2024/2690, 18.10.2024, ELI: <a href="http://data.europa.eu/eli/reg_impl/2024/2690/oj" title="Gives access to this document through its ELI URI." target="_blank">http://data.europa.eu/eli/reg_impl/2024/2690/oj</a> (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)</em> </p> <p xmlns="http://www.w3.org/1999/xhtml" class="forceIndicator"> <span> <img class="forceIndicatorBullet" src="./../../../../images/green-on.png" alt="Legal status of the document"/> </span>In force</p> <p>ELI: <a xmlns="http://www.w3.org/1999/xhtml" href="http://data.europa.eu/eli/reg_impl/2024/2690/oj" title="Gives access to this document through its ELI URI.">http://data.europa.eu/eli/reg_impl/2024/2690/oj</a> </p> <div class="PageTools clearfix hideInPdf hide-border"> <div class="btn-group btn-group-xs pull-right" role="group" aria-label=""> <button onclick="expandAll()" id="ExpandAll" type="button" class="btn btn-link"> <i class="fa fa-angle-double-down" aria-hidden="true">&nbsp;</i>Expand all</button> <button onclick="collapseAll()" id="CollapseAll" type="button" class="btn btn-link"> <i class="fa fa-angle-double-up" aria-hidden="true">&nbsp;</i>Collapse all</button> </div> </div> </div> </div> <div class="panel panel-default PagePanel"> <div class="panel-heading" role="tab" id="PP2"> <p class="panel-title"> <button data-toggle="collapse" data-target="#PP2Contents" aria-expanded="true" aria-controls="PP2Contents" class=" " onclick="createDocPartCookie(this);"> <i class="fa fa-angle-right" aria-hidden="true">&nbsp;</i>Languages, formats and authentic version</button> </p> </div> <div id="PP2Contents" class="panel-collapse collapse in" role="tabpanel" aria-labelledby="PP2"> <div class="panel-body PanelBodyB"> <div class="PubFormats"> <div class="PubFormat visible-lg-table"> <div class="PubFormatType"> <span class="sr-only">Language</span> </div> <div class="btn-group btn-group-sm"> <ul class="dropdown-menu PubFormatVIEW"> <li class=""> <a href="./../../../../legal-content/BG/TXT/?uri=CELEX:32024R2690" lang="bg" hreflang="bg" title="български"> <span>BG</span> </a> </li> <li class=""> <a href="./../../../../legal-content/ES/TXT/?uri=CELEX:32024R2690" lang="es" hreflang="es" title="Español"> <span>ES</span> </a> </li> <li class=""> <a href="./../../../../legal-content/CS/TXT/?uri=CELEX:32024R2690" lang="cs" hreflang="cs" title="Čeština"> <span>CS</span> </a> </li> <li class=""> <a href="./../../../../legal-content/DA/TXT/?uri=CELEX:32024R2690" lang="da" hreflang="da" title="Dansk"> <span>DA</span> </a> </li> <li class=""> <a href="./../../../../legal-content/DE/TXT/?uri=CELEX:32024R2690" lang="de" hreflang="de" title="Deutsch"> <span>DE</span> </a> </li> <li class=""> <a href="./../../../../legal-content/ET/TXT/?uri=CELEX:32024R2690" lang="et" hreflang="et" title="Eesti keel"> <span>ET</span> </a> </li> <li class=""> <a href="./../../../../legal-content/EL/TXT/?uri=CELEX:32024R2690" lang="el" hreflang="el" title="Ελληνικά"> <span>EL</span> </a> </li> <li class=""> <a href="./../../../../legal-content/EN/TXT/?uri=CELEX:32024R2690" lang="en" hreflang="en" title="English"> <span>EN</span> </a> </li> <li class=""> <a href="./../../../../legal-content/FR/TXT/?uri=CELEX:32024R2690" lang="fr" hreflang="fr" title="Français"> <span>FR</span> </a> </li> <li class=""> <a href="./../../../../legal-content/GA/TXT/?uri=CELEX:32024R2690" lang="ga" hreflang="ga" title="Gaeilge"> <span>GA</span> </a> </li> <li class=""> <a href="./../../../../legal-content/HR/TXT/?uri=CELEX:32024R2690" lang="hr" hreflang="hr" title="Hrvatski"> <span>HR</span> </a> </li> <li class=""> <a href="./../../../../legal-content/IT/TXT/?uri=CELEX:32024R2690" lang="it" hreflang="it" title="Italiano"> <span>IT</span> </a> </li> <li class=""> <a href="./../../../../legal-content/LV/TXT/?uri=CELEX:32024R2690" lang="lv" hreflang="lv" title="Latviešu valoda"> <span>LV</span> </a> </li> <li class=""> <a href="./../../../../legal-content/LT/TXT/?uri=CELEX:32024R2690" lang="lt" hreflang="lt" title="Lietuvių kalba"> <span>LT</span> </a> </li> <li class=""> <a href="./../../../../legal-content/HU/TXT/?uri=CELEX:32024R2690" lang="hu" hreflang="hu" title="Magyar"> <span>HU</span> </a> </li> <li class=""> <a href="./../../../../legal-content/MT/TXT/?uri=CELEX:32024R2690" lang="mt" hreflang="mt" title="Malti"> <span>MT</span> </a> </li> <li class=""> <a href="./../../../../legal-content/NL/TXT/?uri=CELEX:32024R2690" lang="nl" hreflang="nl" title="Nederlands"> <span>NL</span> </a> </li> <li class=""> <a href="./../../../../legal-content/PL/TXT/?uri=CELEX:32024R2690" lang="pl" hreflang="pl" title="Polski"> <span>PL</span> </a> </li> <li class=""> <a href="./../../../../legal-content/PT/TXT/?uri=CELEX:32024R2690" lang="pt" hreflang="pt" title="Português"> <span>PT</span> </a> </li> <li class=""> <a href="./../../../../legal-content/RO/TXT/?uri=CELEX:32024R2690" lang="ro" hreflang="ro" title="Română"> <span>RO</span> </a> </li> <li class=""> <a href="./../../../../legal-content/SK/TXT/?uri=CELEX:32024R2690" lang="sk" hreflang="sk" title="Slovenčina"> <span>SK</span> </a> </li> <li class=""> <a href="./../../../../legal-content/SL/TXT/?uri=CELEX:32024R2690" lang="sl" hreflang="sl" title="Slovenščina"> <span>SL</span> </a> </li> <li class=""> <a href="./../../../../legal-content/FI/TXT/?uri=CELEX:32024R2690" lang="fi" hreflang="fi" title="Suomi"> <span>FI</span> </a> </li> <li class=""> <a href="./../../../../legal-content/SV/TXT/?uri=CELEX:32024R2690" lang="sv" hreflang="sv" title="Svenska"> <span>SV</span> </a> </li> </ul> </div> </div> <div class="PubFormat"> <div class="PubFormatType"> <i class="exi exi-html" aria-hidden="true">&nbsp;</i> <span>HTML</span> </div> <div class="btn-group btn-group-md"> <button type="button" class="btn btn-primary " title="HTML English" onclick="$('#format_language_table_HTML_EN').click();"> <span>EN</span> </button> <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <i class="fa fa-caret-down" aria-hidden="true"> </i> <span class="sr-only">Toggle Dropdown</span> </button> <ul class="dropdown-menu PubFormatHTML"> <li> <a href="./../../../../legal-content/BG/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_BG" class="piwik_download" title="HTML български" lang="bg" hreflang="bg" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>BG</span> </a> </li> <li> <a href="./../../../../legal-content/ES/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_ES" class="piwik_download" title="HTML Español" lang="es" hreflang="es" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>ES</span> </a> </li> <li> <a href="./../../../../legal-content/CS/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_CS" class="piwik_download" title="HTML Čeština" lang="cs" hreflang="cs" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>CS</span> </a> </li> <li> <a href="./../../../../legal-content/DA/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_DA" class="piwik_download" title="HTML Dansk" lang="da" hreflang="da" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>DA</span> </a> </li> <li> <a href="./../../../../legal-content/DE/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_DE" class="piwik_download" title="HTML Deutsch" lang="de" hreflang="de" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>DE</span> </a> </li> <li> <a href="./../../../../legal-content/ET/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_ET" class="piwik_download" title="HTML Eesti keel" lang="et" hreflang="et" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>ET</span> </a> </li> <li> <a href="./../../../../legal-content/EL/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_EL" class="piwik_download" title="HTML Ελληνικά" lang="el" hreflang="el" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>EL</span> </a> </li> <li> <a href="./../../../../legal-content/EN/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_EN" class="piwik_download" title="HTML English" lang="en" hreflang="en" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>EN</span> </a> </li> <li> <a href="./../../../../legal-content/FR/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_FR" class="piwik_download" title="HTML Français" lang="fr" hreflang="fr" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>FR</span> </a> </li> <li> <a href="./../../../../legal-content/GA/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_GA" class="piwik_download" title="HTML Gaeilge" lang="ga" hreflang="ga" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>GA</span> </a> </li> <li> <a href="./../../../../legal-content/HR/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_HR" class="piwik_download" title="HTML Hrvatski" lang="hr" hreflang="hr" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>HR</span> </a> </li> <li> <a href="./../../../../legal-content/IT/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_IT" class="piwik_download" title="HTML Italiano" lang="it" hreflang="it" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>IT</span> </a> </li> <li> <a href="./../../../../legal-content/LV/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_LV" class="piwik_download" title="HTML Latviešu valoda" lang="lv" hreflang="lv" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>LV</span> </a> </li> <li> <a href="./../../../../legal-content/LT/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_LT" class="piwik_download" title="HTML Lietuvių kalba" lang="lt" hreflang="lt" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>LT</span> </a> </li> <li> <a href="./../../../../legal-content/HU/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_HU" class="piwik_download" title="HTML Magyar" lang="hu" hreflang="hu" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>HU</span> </a> </li> <li> <a href="./../../../../legal-content/MT/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_MT" class="piwik_download" title="HTML Malti" lang="mt" hreflang="mt" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>MT</span> </a> </li> <li> <a href="./../../../../legal-content/NL/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_NL" class="piwik_download" title="HTML Nederlands" lang="nl" hreflang="nl" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>NL</span> </a> </li> <li> <a href="./../../../../legal-content/PL/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_PL" class="piwik_download" title="HTML Polski" lang="pl" hreflang="pl" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>PL</span> </a> </li> <li> <a href="./../../../../legal-content/PT/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_PT" class="piwik_download" title="HTML Português" lang="pt" hreflang="pt" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>PT</span> </a> </li> <li> <a href="./../../../../legal-content/RO/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_RO" class="piwik_download" title="HTML Română" lang="ro" hreflang="ro" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>RO</span> </a> </li> <li> <a href="./../../../../legal-content/SK/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_SK" class="piwik_download" title="HTML Slovenčina" lang="sk" hreflang="sk" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>SK</span> </a> </li> <li> <a href="./../../../../legal-content/SL/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_SL" class="piwik_download" title="HTML Slovenščina" lang="sl" hreflang="sl" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>SL</span> </a> </li> <li> <a href="./../../../../legal-content/FI/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_FI" class="piwik_download" title="HTML Suomi" lang="fi" hreflang="fi" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>FI</span> </a> </li> <li> <a href="./../../../../legal-content/SV/TXT/HTML/?uri=OJ:L_202402690" id="format_language_table_HTML_SV" class="piwik_download" title="HTML Svenska" lang="sv" hreflang="sv" rel="noindex"> <i class="exi exi-html" aria-hidden="true"> </i> <span>SV</span> </a> </li> </ul> </div> </div> <div class="PubFormat"> <div class="PubFormatType"> <i class="exi exi-oj" aria-hidden="true">&nbsp;</i> <span>PDF - authentic OJ</span> </div> <div class="btn-group btn-group-md"> <button type="button" class="btn btn-primary " title="PDF English" onclick="$('#format_language_table_PDF_EN').click();"> <span>EN</span> </button> <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <i class="fa fa-caret-down" aria-hidden="true"> </i> <span class="sr-only">Toggle Dropdown</span> </button> <ul class="dropdown-menu PubFormatPDF"> <li> <a href="./../../../../legal-content/BG/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_BG" class="piwik_download" title="PDF български" lang="bg" hreflang="bg" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>BG</span> </a> </li> <li> <a href="./../../../../legal-content/ES/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_ES" class="piwik_download" title="PDF Español" lang="es" hreflang="es" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>ES</span> </a> </li> <li> <a href="./../../../../legal-content/CS/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_CS" class="piwik_download" title="PDF Čeština" lang="cs" hreflang="cs" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>CS</span> </a> </li> <li> <a href="./../../../../legal-content/DA/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_DA" class="piwik_download" title="PDF Dansk" lang="da" hreflang="da" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>DA</span> </a> </li> <li> <a href="./../../../../legal-content/DE/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_DE" class="piwik_download" title="PDF Deutsch" lang="de" hreflang="de" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>DE</span> </a> </li> <li> <a href="./../../../../legal-content/ET/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_ET" class="piwik_download" title="PDF Eesti keel" lang="et" hreflang="et" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>ET</span> </a> </li> <li> <a href="./../../../../legal-content/EL/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_EL" class="piwik_download" title="PDF Ελληνικά" lang="el" hreflang="el" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>EL</span> </a> </li> <li> <a href="./../../../../legal-content/EN/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_EN" class="piwik_download" title="PDF English" lang="en" hreflang="en" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>EN</span> </a> </li> <li> <a href="./../../../../legal-content/FR/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_FR" class="piwik_download" title="PDF Français" lang="fr" hreflang="fr" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>FR</span> </a> </li> <li> <a href="./../../../../legal-content/GA/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_GA" class="piwik_download" title="PDF Gaeilge" lang="ga" hreflang="ga" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>GA</span> </a> </li> <li> <a href="./../../../../legal-content/HR/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_HR" class="piwik_download" title="PDF Hrvatski" lang="hr" hreflang="hr" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>HR</span> </a> </li> <li> <a href="./../../../../legal-content/IT/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_IT" class="piwik_download" title="PDF Italiano" lang="it" hreflang="it" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>IT</span> </a> </li> <li> <a href="./../../../../legal-content/LV/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_LV" class="piwik_download" title="PDF Latviešu valoda" lang="lv" hreflang="lv" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>LV</span> </a> </li> <li> <a href="./../../../../legal-content/LT/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_LT" class="piwik_download" title="PDF Lietuvių kalba" lang="lt" hreflang="lt" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>LT</span> </a> </li> <li> <a href="./../../../../legal-content/HU/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_HU" class="piwik_download" title="PDF Magyar" lang="hu" hreflang="hu" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>HU</span> </a> </li> <li> <a href="./../../../../legal-content/MT/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_MT" class="piwik_download" title="PDF Malti" lang="mt" hreflang="mt" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>MT</span> </a> </li> <li> <a href="./../../../../legal-content/NL/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_NL" class="piwik_download" title="PDF Nederlands" lang="nl" hreflang="nl" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>NL</span> </a> </li> <li> <a href="./../../../../legal-content/PL/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_PL" class="piwik_download" title="PDF Polski" lang="pl" hreflang="pl" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>PL</span> </a> </li> <li> <a href="./../../../../legal-content/PT/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_PT" class="piwik_download" title="PDF Português" lang="pt" hreflang="pt" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>PT</span> </a> </li> <li> <a href="./../../../../legal-content/RO/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_RO" class="piwik_download" title="PDF Română" lang="ro" hreflang="ro" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>RO</span> </a> </li> <li> <a href="./../../../../legal-content/SK/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_SK" class="piwik_download" title="PDF Slovenčina" lang="sk" hreflang="sk" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>SK</span> </a> </li> <li> <a href="./../../../../legal-content/SL/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_SL" class="piwik_download" title="PDF Slovenščina" lang="sl" hreflang="sl" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>SL</span> </a> </li> <li> <a href="./../../../../legal-content/FI/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_FI" class="piwik_download" title="PDF Suomi" lang="fi" hreflang="fi" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>FI</span> </a> </li> <li> <a href="./../../../../legal-content/SV/TXT/PDF/?uri=OJ:L_202402690" id="format_language_table_PDF_SV" class="piwik_download" title="PDF Svenska" lang="sv" hreflang="sv" onclick="eurlexDcsMultiTrack('DCS.dcsuri','/document-format.html','WT.ti','Document format','WT.z_docFormat', 'pdf', 'WT.dl', '20'); return true;"> <i class="exi exi-oj" aria-hidden="true"> </i> <span>SV</span> </a> </li> </ul> </div> </div> <div class="PubFormat"> <div class="PubFormatType"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>e-signature</span> </div> <div class="btn-group btn-group-md"> <button type="button" class="btn btn-primary " title="e-Sig English" onclick="$('#format_language_table_digital_sign_EN').click();"> <span>EN</span> </button> <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <i class="fa fa-caret-down" aria-hidden="true"> </i> <span class="sr-only">Toggle Dropdown</span> </button> <ul class="dropdown-menu PubFormatESig"> <li> <a href="./../../../../legal-content/BG/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_BG" lang="bg" hreflang="bg" title="e-Sig български"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>BG</span> </a> </li> <li> <a href="./../../../../legal-content/ES/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_ES" lang="es" hreflang="es" title="e-Sig Español"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>ES</span> </a> </li> <li> <a href="./../../../../legal-content/CS/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_CS" lang="cs" hreflang="cs" title="e-Sig Čeština"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>CS</span> </a> </li> <li> <a href="./../../../../legal-content/DA/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_DA" lang="da" hreflang="da" title="e-Sig Dansk"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>DA</span> </a> </li> <li> <a href="./../../../../legal-content/DE/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_DE" lang="de" hreflang="de" title="e-Sig Deutsch"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>DE</span> </a> </li> <li> <a href="./../../../../legal-content/ET/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_ET" lang="et" hreflang="et" title="e-Sig Eesti keel"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>ET</span> </a> </li> <li> <a href="./../../../../legal-content/EL/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_EL" lang="el" hreflang="el" title="e-Sig Ελληνικά"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>EL</span> </a> </li> <li> <a href="./../../../../legal-content/EN/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_EN" lang="en" hreflang="en" title="e-Sig English"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>EN</span> </a> </li> <li> <a href="./../../../../legal-content/FR/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_FR" lang="fr" hreflang="fr" title="e-Sig Français"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>FR</span> </a> </li> <li> <a href="./../../../../legal-content/GA/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_GA" lang="ga" hreflang="ga" title="e-Sig Gaeilge"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>GA</span> </a> </li> <li> <a href="./../../../../legal-content/HR/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_HR" lang="hr" hreflang="hr" title="e-Sig Hrvatski"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>HR</span> </a> </li> <li> <a href="./../../../../legal-content/IT/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_IT" lang="it" hreflang="it" title="e-Sig Italiano"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>IT</span> </a> </li> <li> <a href="./../../../../legal-content/LV/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_LV" lang="lv" hreflang="lv" title="e-Sig Latviešu valoda"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>LV</span> </a> </li> <li> <a href="./../../../../legal-content/LT/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_LT" lang="lt" hreflang="lt" title="e-Sig Lietuvių kalba"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>LT</span> </a> </li> <li> <a href="./../../../../legal-content/HU/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_HU" lang="hu" hreflang="hu" title="e-Sig Magyar"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>HU</span> </a> </li> <li> <a href="./../../../../legal-content/MT/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_MT" lang="mt" hreflang="mt" title="e-Sig Malti"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>MT</span> </a> </li> <li> <a href="./../../../../legal-content/NL/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_NL" lang="nl" hreflang="nl" title="e-Sig Nederlands"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>NL</span> </a> </li> <li> <a href="./../../../../legal-content/PL/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_PL" lang="pl" hreflang="pl" title="e-Sig Polski"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>PL</span> </a> </li> <li> <a href="./../../../../legal-content/PT/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_PT" lang="pt" hreflang="pt" title="e-Sig Português"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>PT</span> </a> </li> <li> <a href="./../../../../legal-content/RO/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_RO" lang="ro" hreflang="ro" title="e-Sig Română"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>RO</span> </a> </li> <li> <a href="./../../../../legal-content/SK/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_SK" lang="sk" hreflang="sk" title="e-Sig Slovenčina"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>SK</span> </a> </li> <li> <a href="./../../../../legal-content/SL/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_SL" lang="sl" hreflang="sl" title="e-Sig Slovenščina"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>SL</span> </a> </li> <li> <a href="./../../../../legal-content/FI/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_FI" lang="fi" hreflang="fi" title="e-Sig Suomi"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>FI</span> </a> </li> <li> <a href="./../../../../legal-content/SV/TXT/SIG/?uri=OJ:L_202402690" class="piwik_download" id="format_language_table_digital_sign_SV" lang="sv" hreflang="sv" title="e-Sig Svenska"> <i class="exi exi-digital-signature" aria-hidden="true"> </i> <span>SV</span> </a> </li> </ul> </div> </div> </div> </div> <div class="panel-footer "> <span class="hidden-xs hidden-sm"> <b><a href="https://eur-lex.europa.eu/content/help/oj/authenticity-eOJ.html">How to verify the authenticity of the Official Journal</a></b> </span> </div> </div> </div> <div class="panel panel-default PagePanel "> <div class="panel-heading" role="tab" id="PP3"> <p class="panel-title"> <button data-toggle="collapse" data-target="#PP3Contents" aria-expanded="true" aria-controls="PP3Contents" class=" " onclick="createDocPartCookie(this);"> <i class="fa fa-angle-right" aria-hidden="true">&nbsp;</i>Multilingual display</button> </p> </div> <div id="PP3Contents" class="panel-collapse collapse in" role="tabpanel" aria-labelledby="PP3"> <div class="panel-body PanelBodyB"> <form action="./../../../../legal-content/EN/TXT/?uri=&#xA;&#x9;&#x9;&#x9;&#x9;CELEX:32024R2690" class="form-inline" id="form" name="multilingualForm" method="post"><input type="hidden" name="_csrf" value="93c6bf11-ac2d-4e46-af3e-893dc733a7e7" /><input type="hidden" name="from" value="EN"/> <div class="form-group"> <label for="MDLang1" class="sr-only">Language 1 </label> <select id="MDLang1" name="lang1" class="input-sm form-control NoBorders" aria-label="Choose language"> <option value="EN">English (en)</option> <option value="BG">Bulgarian (bg)</option> <option value="ES">Spanish (es)</option> <option value="CS">Czech (cs)</option> <option value="DA">Danish (da)</option> <option value="DE">German (de)</option> <option value="ET">Estonian (et)</option> <option value="EL">Greek (el)</option> <option value="EN" selected="selected">English (en)</option> <option value="FR">French (fr)</option> <option value="GA">Irish (ga)</option> <option value="HR">Croatian (hr)</option> <option value="IT">Italian (it)</option> <option value="LV">Latvian (lv)</option> <option value="LT">Lithuanian (lt)</option> <option value="HU">Hungarian (hu)</option> <option value="MT">Maltese (mt)</option> <option value="NL">Dutch (nl)</option> <option value="PL">Polish (pl)</option> <option value="PT">Portuguese (pt)</option> <option value="RO">Romanian (ro)</option> <option value="SK">Slovak (sk)</option> <option value="SL">Slovenian (sl)</option> <option value="FI">Finnish (fi)</option> <option value="SV">Swedish (sv)</option> </select> </div> <div class="form-group"> <label for="MDLang2" class="sr-only">Language 2 </label> <select id="MDLang2" name="lang2" class="input-sm form-control NoBorders" aria-label="Choose language"> <option value="choose" selected="selected">Please choose</option> <option value="BG">Bulgarian (bg)</option> <option value="ES">Spanish (es)</option> <option value="CS">Czech (cs)</option> <option value="DA">Danish (da)</option> <option value="DE">German (de)</option> <option value="ET">Estonian (et)</option> <option value="EL">Greek (el)</option> <option value="EN">English (en)</option> <option value="FR">French (fr)</option> <option value="GA">Irish (ga)</option> <option value="HR">Croatian (hr)</option> <option value="IT">Italian (it)</option> <option value="LV">Latvian (lv)</option> <option value="LT">Lithuanian (lt)</option> <option value="HU">Hungarian (hu)</option> <option value="MT">Maltese (mt)</option> <option value="NL">Dutch (nl)</option> <option value="PL">Polish (pl)</option> <option value="PT">Portuguese (pt)</option> <option value="RO">Romanian (ro)</option> <option value="SK">Slovak (sk)</option> <option value="SL">Slovenian (sl)</option> <option value="FI">Finnish (fi)</option> <option value="SV">Swedish (sv)</option> </select> </div> <div class="form-group"> <label for="MDLang3" class="sr-only">Language 3 </label> <select id="MDLang3" name="lang3" class="input-sm form-control NoBorders" aria-label="Choose language"> <option value="choose" selected="selected">Please choose</option> <option value="BG">Bulgarian (bg)</option> <option value="ES">Spanish (es)</option> <option value="CS">Czech (cs)</option> <option value="DA">Danish (da)</option> <option value="DE">German (de)</option> <option value="ET">Estonian (et)</option> <option value="EL">Greek (el)</option> <option value="EN">English (en)</option> <option value="FR">French (fr)</option> <option value="GA">Irish (ga)</option> <option value="HR">Croatian (hr)</option> <option value="IT">Italian (it)</option> <option value="LV">Latvian (lv)</option> <option value="LT">Lithuanian (lt)</option> <option value="HU">Hungarian (hu)</option> <option value="MT">Maltese (mt)</option> <option value="NL">Dutch (nl)</option> <option value="PL">Polish (pl)</option> <option value="PT">Portuguese (pt)</option> <option value="RO">Romanian (ro)</option> <option value="SK">Slovak (sk)</option> <option value="SL">Slovenian (sl)</option> <option value="FI">Finnish (fi)</option> <option value="SV">Swedish (sv)</option> </select> </div> <button type="submit" class="btn btn-sm btn-primary" aria-label="Display" onclick="javascript:($('.AffixSidebarWrapper .Selected').length &gt; 0) ? multilingualFormPiwikTracking($('.AffixSidebarWrapper .Selected a').siblings('input[id^=selectedTabEnglishTranslationID]').val()) : multilingualFormPiwikTracking('') ;submit(); showHourglass();">Display</button> </form> </div> </div> </div> <div class="panel panel-default PagePanel"> <div class="panel-heading" role="tab" id="PP4"> <p class="panel-title"> <button data-toggle="collapse" data-target="#PP4Contents" aria-expanded="true" aria-controls="PP4Contents" onclick="createDocPartCookie(this);"> <i class="fa fa-angle-right" aria-hidden="true"></i> Text </button> </p> </div><!-- panel-heading --> <div id="PP4Contents" class="panel-collapse collapse in" role="tabpanel" aria-labelledby="PP4"> <div id="text" class="panel-body"> <div id="textTabContent"> <div id="document1" class="tabContent"> <div class="tabContent"> <div lang=""> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="5%"/> <col width="75%"/> <col width="20%"/> <tbody> <tr> <td > <img alt="European flag" src="./../../../../images/europeanflag.gif" height="40pt" width="60pt"/> </td> <td > <p class="oj-hd-ti">Official Journal <br/>of the European Union</p> </td> <td > <p class="oj-hd-lg">EN</p> <p class="oj-hd-coll">L series</p> </td> </tr> </tbody> </table> <hr class="oj-separator"/> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="20%"/> <col width="60%"/> <col width="20%"/> <tbody> <tr> <td /> <td > <p class="oj-hd-uniq">2024/2690</p> </td> <td > <p class="oj-hd-date">18.10.2024</p> </td> </tr> </tbody> </table> <div class="eli-container"> <div class="eli-main-title" id="tit_1"> <p class="oj-doc-ti" id="d1e43-1-1"> COMMISSION IMPLEMENTING REGULATION (EU) 2024/2690</p> <p class="oj-doc-ti">of 17 October 2024 </p> <p class="oj-doc-ti">laying down rules for the application of Directive (EU) 2022/2555 as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers</p> <p class="oj-doc-ti">(Text with EEA relevance)</p> </div> <div class="eli-subdivision" id="pbl_1"> <p class="oj-normal">THE EUROPEAN COMMISSION,</p> <div class="eli-subdivision" id="cit_1"> <p class="oj-normal">Having regard to the Treaty on the Functioning of the European Union,</p> </div> <div class="eli-subdivision" id="cit_2"> <p class="oj-normal">Having regard to Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) <a id="ntc1-L_202402690EN.000101-E0001" href="#ntr1-L_202402690EN.000101-E0001" >(<span class="oj-super oj-note-tag">1</span>)</a>, and in particular Articles 21(5), first subparagraph and 23(11), second subparagraph thereof,</p> </div> <p class="oj-normal">Whereas:</p> <div class="eli-subdivision" id="rct_1"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(1)</p> </td> <td valign="top" > <p class="oj-normal">With regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers as covered by Article 3 of Directive (EU) 2022/2555 (the relevant entities), this Regulation aims to lay down the technical and the methodological requirements of the measures referred to in Article 21(2) of Directive (EU) 2022/2555 and to further specify the cases in which an incident should be considered to be significant as referred to in Article 23(3) of Directive (EU) 2022/2555.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_2"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(2)</p> </td> <td valign="top" > <p class="oj-normal">Taking account of the cross-border nature of their activities and in order to ensure a coherent framework for trust service providers, this Regulation should, with respect to trust service providers, further specify the cases in which an incident shall be considered to be significant, in addition to laying down the technical and the methodological requirements of the cybersecurity risk-management measures.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_3"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(3)</p> </td> <td valign="top" > <p class="oj-normal">Following Article 21(5), third subparagraph of Directive (EU) 2022/2555, the technical and methodological requirements of the cybersecurity risk-management measures set out in the Annex to this Regulation are based on European and international standards, such as ISO/IEC 27001, ISO/IEC 27002 and ETSI EN 319401, and technical specifications, such as CEN/TS 18026:2024, relevant to the security of network and information systems.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_4"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(4)</p> </td> <td valign="top" > <p class="oj-normal">As regards the implementation and application of the technical and the methodological requirements of cybersecurity risk-management measures set out in the Annex to this Regulation, in line with the principle of proportionality, due account should be taken of the divergent risk exposure of relevant entities, such as the criticality of the relevant entity, the risks to which it is exposed, the relevant entity’s size and structure as well as the likelihood of occurrence of incidents and their severity, including their societal and economic impact, when complying with the technical and methodological requirements of cybersecurity risk-management measures set out in the Annex to this Regulation.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_5"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(5)</p> </td> <td valign="top" > <p class="oj-normal">In line with the principle of proportionality, where relevant entities cannot implement some of the technical and the methodological requirements of the cybersecurity risk-management measures due to their size, those entities should be able to take other compensating measures that are suitable to achieve the purpose of those requirements. For example, when defining roles, responsibilities and authorities for network and information system security within the relevant entity, micro-sized entities might find it difficult to segregate conflicting duties and conflicting areas of responsibility. Such entities should be able to consider compensating measures such as targeted oversight by the entity’s management or increased monitoring and logging.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_6"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(6)</p> </td> <td valign="top" > <p class="oj-normal">Certain technical and methodological requirements set out in the Annex to this Regulation should be applied by the relevant entities where appropriate, where applicable, or to the extent feasible. Where a relevant entity considers it not appropriate, not applicable or not feasible for the relevant entity to apply certain technical and methodological requirements as provided for in the Annex to this Regulation, the relevant entity should in a comprehensible manner document its reasoning to that effect. National competent authorities may, when exercising supervision, take into account the appropriate time required for the relevant entities to implement the technical and the methodological requirements of the cybersecurity risk-management measures.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_7"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(7)</p> </td> <td valign="top" > <p class="oj-normal">ENISA or national competent authorities under Directive (EU) 2022/2555 can provide guidance to support relevant entities in the identification, analysis, and assessment of risks for the purpose of implementing the technical and the methodological requirements concerning the establishment and maintenance of an appropriate risk management framework. Such guidance can include, in particular, national and sectoral risk assessments as well as risk assessments specific for a certain type of entity. The guidance may also include tools or templates for the development of risk management framework at the level of the relevant entities. Frameworks, guidance or other mechanisms provided by Member States’ national law, as well as relevant European and international standards, can also support relevant entities in demonstrating compliance with this Regulation. Moreover, ENISA or national competent authorities under Directive (EU) 2022/2555 can support relevant entities in identifying and implementing appropriate solutions to treat risks identified in such risk assessments. Such guidance should be without prejudice to the relevant entities’ obligation to identify and document the risks posed to the security of network and information systems, and to the relevant entities’ obligation to implement the technical and the methodological requirements of the cybersecurity risk management measures set out in the Annex to this Regulation according to their needs and resources.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_8"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(8)</p> </td> <td valign="top" > <p class="oj-normal">Network security measures in relation to: (i) the transition towards latest generation network layer communication protocols, (ii) the deployment of internationally agreed and interoperable modern email communications standards, and (iii) the application of best practices for DNS security, and for internet routing security and routing hygiene entail specific challenges regarding the identification of best available standards and deployment techniques. To achieve as soon as possible a high common level of cybersecurity across networks, the Commission, with the assistance of the European Union Agency for Cybersecurity (ENISA) and in collaboration with competent authorities, industry – including telecommunication industry – and other stakeholders, should support the development of a multistakeholder forum tasked to identify these best available standards and deployment techniques. Such multi-stakeholder guidance should be without prejudice to the relevant entities’ obligation to implement the technical and the methodological requirements of the cybersecurity risk management measures set out in the Annex to this Regulation.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_9"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(9)</p> </td> <td valign="top" > <p class="oj-normal">Pursuant to Article 21(2), point (a), of Directive (EU) 2022/2555, essential and important entities should have, besides policies on risk analysis, policies on information system security. For that purpose, the relevant entities should establish a policy on the security of network and information systems as well as topic-specific policies, such as policies on access control, which should be coherent with the policy on the security of network and information systems. The policy on the security of network and information systems should be the highest-level document setting out the relevant entities’ overall approach to their security of network and information systems and should be approved by the management bodies of the relevant entities. The topic-specific policies should be approved by an appropriate level of management. The policy should lay down indicators and measures to monitor its implementation and the current status of relevant entities’ maturity level of network and information security, in particular to facilitate the oversight of the implementation of the cybersecurity risk-management measures through the management bodies.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_10"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(10)</p> </td> <td valign="top" > <p class="oj-normal">For the purposes of the technical and the methodological requirements laid down in the Annex to this Regulation, the term ‘user’ should encompass all legal and natural persons which have access to the entity’s network and information systems.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_11"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(11)</p> </td> <td valign="top" > <p class="oj-normal">To identify and address the risks posed to the security of network and information systems, the relevant entities should establish and maintain an appropriate risk management framework. As a part of the risk management framework, the relevant entities should establish, implement and monitor a risk treatment plan. The relevant entities may use the risk treatment plan to identify and prioritise risk treatment options and measures. Options for risk treatment include, in particular, avoiding, reducing or, in exceptional cases, accepting the risk. The choice of risk treatment options should take into account the results of the risk assessment carried out by the relevant entity, and be in accordance with the relevant entity’s policy on the security of network and information systems. To give effect to the chosen risk treatment options, the relevant entities should take the appropriate risk treatment measures.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_12"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(12)</p> </td> <td valign="top" > <p class="oj-normal">To detect events, near misses and incidents, the relevant entities should monitor their network and information systems and should take actions to evaluate events, near misses and incidents. Those measures should be capable of allowing the detection of network-based attacks based on anomalous inbound and outbound traffic patterns and denial of service attacks in a timely manner.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_13"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(13)</p> </td> <td valign="top" > <p class="oj-normal">When the relevant entities conduct a business impact analysis, they are encouraged to carry out a comprehensive analysis establishing, as appropriate, maximum tolerable downtime, recovery time objectives, recovery point objectives and service delivery objectives.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_14"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(14)</p> </td> <td valign="top" > <p class="oj-normal">In order to mitigate risks stemming from a relevant entity’s supply chain and its relationship with its suppliers, the relevant entities should establish a supply chain security policy which governs their relations with their direct suppliers and service providers. These entities should specify in the contracts with their direct suppliers or service providers adequate security clauses, for example by requiring, where appropriate, cybersecurity risk-management measures according to Article 21(2) of Directive (EU) 2022/2555 or other similar legal requirements.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_15"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(15)</p> </td> <td valign="top" > <p class="oj-normal">The relevant entities should regularly carry out security tests based on a dedicated policy and procedures to verify whether the cybersecurity risk-management measures are implemented and function properly. Security tests may be performed on specific network and information systems or on the relevant entity as a whole and may include automated or manual tests, penetration tests, vulnerability scanning, static and dynamic application security tests, configuration tests or security audits. The relevant entities may conduct security tests on their network and information systems at set-up, after infrastructure or application upgrades or modifications that they deem significant, or after maintenance. The findings of the security tests should inform the relevant entities’ policies and procedures to assess the effectiveness of the cybersecurity risk-management measures, as well as independent reviews of their network and information security policies.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_16"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(16)</p> </td> <td valign="top" > <p class="oj-normal">In order to avoid significant disruption and harm caused by the exploitation of unpatched vulnerabilities in network and information systems, the relevant entities should set out and apply appropriate security patch management procedures which are aligned with the relevant entities’ change management, vulnerability management, risk management and other relevant procedures. Relevant entities should take measures proportionate to their resources to ensure that security patches do not introduce additional vulnerabilities or instabilities. In case of planned inaccessibility to the service caused by the application of security patches, the relevant entities are encouraged to duly inform customers in advance.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_17"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(17)</p> </td> <td valign="top" > <p class="oj-normal">The relevant entities should manage the risks stemming from the acquisition of ICT products or ICT services from suppliers or service providers and should obtain assurance that the ICT products or ICT services to be acquired achieve certain cybersecurity protection levels, for example by European cybersecurity certificates and EU statements of conformity for ICT products or ICT services issued under a European cybersecurity certification scheme adopted pursuant to Article 49 of Regulation (EU) 2019/881 of the European Parliament and of the Council <a id="ntc2-L_202402690EN.000101-E0002" href="#ntr2-L_202402690EN.000101-E0002" >(<span class="oj-super oj-note-tag">2</span>)</a>. Where the relevant entities set out security requirements to apply to the ICT products to be acquired, they should take into account the essential cybersecurity requirements set out in a regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_18"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(18)</p> </td> <td valign="top" > <p class="oj-normal">In order to protect against cyber threats and support the prevention and containment of data breaches, the relevant entities should implement network security solutions. Typical solutions for network security include the use of firewalls to protect the relevant entities’ internal networks, the limitation of connections and access to services where connections and access are absolutely needed, and the use of virtual private networks for remote access and allowing connections of service providers only after an authorisation request and for a set time period such as the duration of a maintenance operation.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_19"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(19)</p> </td> <td valign="top" > <p class="oj-normal">In order to protect the networks of the relevant entities and their information systems against malicious and unauthorised software, those entities should implement controls that prevent or detect the use of unauthorised software and should, where appropriate, use detection and response software. The relevant entities should also consider implementing measures to minimize the attack surface, reduce vulnerabilities that can be exploited by attackers, control the execution of applications on endpoints, and deploy email and web application filters to reduce exposure to malicious content.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_20"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(20)</p> </td> <td valign="top" > <p class="oj-normal">Pursuant to Article 21(2), point (g), of Directive (EU) 2022/2555, Member States are to ensure that essential and important entities apply basic cyber hygiene practices and cybersecurity training. Basic cyber hygiene practices can include zero-trust principles, software updates, device configuration, network segmentation, identity and access management or user awareness, organise training for their staff and raise awareness concerning cyber threats, phishing or social engineering techniques. Cyber hygiene practices are a part of different technical and methodological requirements of the cybersecurity risk management measures set out in the Annex to this Regulation. With regard to basic cyber hygiene practices for users, the relevant entities should consider practices such as clear desk and screen policy, use of multi-factor and other authentication means, safe email use and web browsing, protection from phishing and social engineering, secure remote working practices.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_21"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(21)</p> </td> <td valign="top" > <p class="oj-normal">In order to prevent unauthorised access to the relevant entities’ assets, the relevant entities should establish and implement a topic-specific policy addressing access by persons and by network and information systems, such as applications.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_22"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(22)</p> </td> <td valign="top" > <p class="oj-normal">In order to avoid that employees can misuse, for instance, access rights within the relevant entity to harm and cause damage, relevant entities should consider adequate employee security management measures and raise awareness among personnel about such risks. The relevant entities should establish, communicate and maintain a disciplinary process for handling violations of the relevant entities’ network and information system security policies, which may be embedded in other disciplinary processes established by the relevant entities. Verification of the background of the employees and where applicable the direct suppliers and service providers of the relevant entities should contribute to the goal of human resources security in the relevant entities, and may include measures such as checks of the person’s criminal record or past professional duties, as appropriate for the person’s duties in the relevant entity and in line with the relevant entity’s policy on the security of network and information systems.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_23"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(23)</p> </td> <td valign="top" > <p class="oj-normal">Multi-factor authentication can enhance the entities’ cybersecurity and should be considered by the entities in particular when users access network and information systems from remote locations, or when they access sensitive information or privileged accounts and system administration accounts. Multi-factor authentication can be combined with other techniques to require additional factors under specific circumstances, based on predefined rules and patterns, such as access from an unusual location, from an unusual device or at an unusual time.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_24"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(24)</p> </td> <td valign="top" > <p class="oj-normal">The relevant entities should manage and protect the assets which are of value to them through a sound asset management which should also serve as the basis for the risk analysis and business continuity management. The relevant entities should manage both tangible and intangible assets and should create an asset inventory, associate the assets with a defined classification level, handle and track the assets and take steps to protect the assets throughout their lifecycle.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_25"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(25)</p> </td> <td valign="top" > <p class="oj-normal">Asset management should involve classifying assets by their type, sensitivity, risk level, and security requirements and applying appropriate measures and controls to ensure their availability, integrity, confidentiality, and authenticity. By classifying assets by risk level, the relevant entities should be able to apply appropriate security measures and controls to protect assets such as encryption, access control including perimeter and physical and logical access control, backups, logging and monitoring, retention and disposal. When conducting a business impact analysis, the relevant entities may determine the classification level based on the consequences of disruption of assets for the entities. All employees of the entities handling assets should be familiar with the asset handling policies and instructions.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_26"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(26)</p> </td> <td valign="top" > <p class="oj-normal">The granularity of the asset inventory should be appropriate for the needs of the relevant entities. A comprehensive asset inventory could include, for each asset, at least a unique identifier, the owner of the asset, a description of the asset, the location of the asset, the type of asset, the type and classification of information processed in the asset, the date of last update or patch of the asset, the classification of the asset under the risk assessment, and the end of life of the asset. When identifying the owner of an asset, the relevant entities should also identify the person responsible for protecting said asset.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_27"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(27)</p> </td> <td valign="top" > <p class="oj-normal">The allocation and organisation of cybersecurity roles, responsibilities and authorities should establish a consistent structure for the governance and implementation of cybersecurity within the relevant entities, and should ensure effective communication in case of incidents. When defining and assigning responsibilities for certain roles, the relevant entities should consider roles such as chief information security officer, information security officer, incident handling officer, auditor, or comparable equivalents. Relevant entities may assign roles and responsibilities to external parties, such as ICT third-party service providers.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_28"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(28)</p> </td> <td valign="top" > <p class="oj-normal">In accordance with Article 21(2) of Directive (EU) 2022/2555, the cybersecurity risk-management measures are to be based on an all-hazards approach that aims to protect network and information systems and the physical environment of those systems from events such as theft, fire, flood, telecommunication or power failures, or unauthorised physical access and damage to, and interference with, an essential or important entity’s information and information processing facilities, which could compromise the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems. The technical and the methodological requirements of the cybersecurity risk-management measures should therefore also address the physical and environmental security of network and information systems by including measures to protect such systems from system failures, human error, malicious acts or natural phenomena. Further examples of physical and environmental threats can include earthquakes, explosions, sabotage, insider threat, civil unrest, toxic waste, and environmental emissions. Prevention of loss, damage or compromise of network and information systems or interruption to their operations due to the failure and disruption of supporting utilities should contribute to the goal of business continuity in the relevant entities. Moreover, protection against physical and environmental threats should contribute to security of network and information systems maintenance in the relevant entities.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_29"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(29)</p> </td> <td valign="top" > <p class="oj-normal">Relevant entities should design and implement protection measures against physical and environmental threats and determine minimum and maximum control thresholds for physical and environmental threats and monitor environmental parameters. For example, they should consider installing systems to detect at an early stage the flooding of areas where network and information systems are located. Regarding fire hazard, the relevant entities should consider the establishment of a separate fire compartment for the data centre, the use of fire-resistant materials, sensors for monitoring temperature and humidity, the connection of the building to a fire alarm system with an automated notification to the local fire department, and early fire detection and extinguishing systems. The relevant entities should also carry out regular fire drills and fire inspections. Furthermore, to ensure power supply, the relevant entities should consider overvoltage protection and corresponding emergency power supply, in accordance with relevant standards. Moreover, as overheating poses a risk to the availability of network and information systems, relevant entities, in particular data centre service providers, could consider adequate, continuous and redundant air conditioning systems.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_30"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(30)</p> </td> <td valign="top" > <p class="oj-normal">This Regulation is to further specify the cases in which an incident should be considered to be significant for the purpose of Article 23(3) of Directive (EU) 2022/2555. The criteria should be such that relevant entities are able to assess whether an incident is significant, in order to notify the incident in accordance with Directive (EU) 2022/2555. Furthermore, the criteria set out in this Regulation should be considered exhaustive, without prejudice to Article 5 of Directive (EU) 2022/2555. This regulation specifies the cases in which an incident should be considered to be significant by setting out horizontal as well as entity-type specific cases.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_31"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(31)</p> </td> <td valign="top" > <p class="oj-normal">Pursuant to Article 23(4) of Directive (EU) 2022/2555, relevant entities should be required to notify significant incidents within the deadlines set by that provision. Those notification deadlines are running from the moment the entity becomes aware of such significant incidents. The relevant entity is therefore required to report incidents that, based on its initial assessment, could cause severe operational disruption of the services or financial loss for that entity or affect other natural or legal persons by causing considerable material or non-material damage. Therefore, when a relevant entity has detected a suspicious event, or after a potential incident has been brought to its attention by a third party, such as an individual, a customer, an entity, an authority, a media organisation, or another source, the relevant entity should assess in a timely manner the suspicious event to determine whether it constitutes an incident and, if so, determine its nature and severity. The relevant entity is therefore to be regarded as having become ‘aware’ of the significant incident when, after such initial assessment, that entity has a reasonable degree of certainty that a significant incident has occurred.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_32"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(32)</p> </td> <td valign="top" > <p class="oj-normal">With a view to establishing whether an incident is significant, where relevant, relevant entities should count the number of users impacted by the incident, taking into consideration business and end customers with whom the relevant entities have a contractual relationship as well as natural and legal persons that are associated with business customers. Where a relevant entity is unable to calculate the number of impacted users, the relevant entity’s estimate of the possible maximum number of affected users should be considered for the purpose of calculating the total number of users affected by the incident. The significance of an incident involving a trust service should not only be determined by the number of users but also by the number of relying parties as these can be equally affected by a significant incident involving a trust service in regard to operational disruption and material or non-material damage. Therefore, trust service providers should, where applicable, also take into account the number of relying parties when establishing whether an incident is significant. For that purpose, relying parties should be understood as natural or legal persons that rely upon a trust service.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_33"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(33)</p> </td> <td valign="top" > <p class="oj-normal">Maintenance operations resulting in the limited availability or unavailability of the services should not be considered as significant incidents if the limited availability or unavailability of the service occurs according to a scheduled maintenance operation. Moreover, where a service is unavailable due to scheduled interruptions such as interruptions or non-availability based on pre-determined contractual agreement should not be considered as significant incident.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_34"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(34)</p> </td> <td valign="top" > <p class="oj-normal">The duration of an incident which impacts availability of a service should be measured from the disruption of the proper provision of such service until the time of recovery. Where a relevant entity is unable to determine the moment when the disruption began, the duration of the incident should be measured from the moment the incident was detected, or from the moment when the incident was recorded in network or system logs or other data sources, whichever is earlier.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_35"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(35)</p> </td> <td valign="top" > <p class="oj-normal">Complete unavailability of a service should be measured from the moment the service is fully unavailable to users, to the moment when regular activities or operations have been restored to the level of service that was provided prior to the incident. Where a relevant entity is unable to determine when the complete unavailability of a service began, the unavailability should be measured from the moment it was detected by that entity.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_36"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(36)</p> </td> <td valign="top" > <p class="oj-normal">For the purpose of determining the direct financial losses resulting from an incident, relevant entities should take into account all the financial losses which they have incurred as a result of the incident, such as costs for replacement or relocation of software, hardware or infrastructure, staff costs, including costs associated with replacement or relocation of staff, recruitment of extra staff, remuneration of overtime and recovery of lost or impaired skills, fees due to non-compliance with contractual obligations, costs for redress and compensation to customers, losses due to forgone revenues, costs associated with internal and external communication, advisory costs, including costs associated with legal counselling, forensic services and remediation services, and other costs associated to the incident. However, administrative fines, as well as costs that are necessary for the day-to-day operation of the business, should not be considered as financial losses resulting from an incident, including costs for general maintenance of infrastructure, equipment, hardware and software, keeping skills of staff up to date, internal or external costs to enhance the business after the incident, including upgrades, improvements and risk assessment initiatives, and insurance premiums. The relevant entities should calculate the amounts of financial losses based on available data and, where the actual amounts of financial losses cannot be determined, the entities should estimate those amounts.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_37"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(37)</p> </td> <td valign="top" > <p class="oj-normal">Relevant entities should also be obliged to report incidents that have caused or are capable of causing the death of natural persons or considerable damage to natural persons’ health as such incidents are particularly serious cases of causing considerable material or non-material damage. For instance, an incident affecting a relevant entity could cause unavailability of healthcare or emergency services, or the loss of confidentiality or integrity of data with an effect on the health of natural persons. For the purpose of determining whether an incident has caused or is capable of causing considerable damage to a natural person’s health, relevant entities should take into account whether the incident caused or is capable of causing severe injuries and ill-health. For that purpose, the relevant entities should not be required to collect additional information to which they do not have access.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_38"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(38)</p> </td> <td valign="top" > <p class="oj-normal">Limited availability should be considered to occur in particular when a service provided by a relevant entity is considerably slower than average response time, or where not all functionalities of a service are available. Where possible, objective criteria based on the average response times of services provided by the relevant entities should be used to assess delays in response time. A functionality of a service may be, for instance, a chat functionality or an image search functionality.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_39"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(39)</p> </td> <td valign="top" > <p class="oj-normal">Successful, suspectedly malicious and unauthorised access to a relevant entity’s network and information systems should be regarded as a significant incident, where such access is capable of causing severe operational disruption. For instance, where a cyber threat actor pre-positions itself in a relevant entity’s network and information systems with a view to causing disruption of services in the future, the incident should be considered to be significant.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_40"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(40)</p> </td> <td valign="top" > <p class="oj-normal">Recurring incidents that are linked through the same apparent root cause, which individually do not meet the criteria of a significant incident, should collectively be considered to be a significant incident, provided that they collectively meet the criterion for financial loss, and that they have occurred at least twice within six months. Such recurring incidents can indicate significant deficiencies and weaknesses in the relevant entity’s cybersecurity risk management procedures and their level of cybersecurity maturity. Moreover, such recurring incidents are capable of causing significant financial loss for the relevant entity.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_41"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(41)</p> </td> <td valign="top" > <p class="oj-normal">The Commission has exchanged advice and cooperated with the Cooperation Group and ENISA on the draft implementing act, in accordance with Articles 21(5) and 23(11) of Directive (EU) 2022/2555.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_42"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(42)</p> </td> <td valign="top" > <p class="oj-normal">The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council <a id="ntc3-L_202402690EN.000101-E0003" href="#ntr3-L_202402690EN.000101-E0003" >(<span class="oj-super oj-note-tag">3</span>)</a>, and delivered its opinion on 1 September 2024.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="rct_43"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(43)</p> </td> <td valign="top" > <p class="oj-normal">The measures provided for in this Regulation are in accordance with the opinion of the committee established in accordance with Article 39 of Directive (EU) 2022/2555,</p> </td> </tr> </tbody> </table> </div> <p class="oj-normal">HAS ADOPTED THIS REGULATION:</p> </div> <div class="eli-subdivision" id="enc_1"> <div class="eli-subdivision" id="art_1"> <p id="d1e381-1-1" class="oj-ti-art">Article 1</p> <div class="eli-title" id="art_1.tit_1"> <p class="oj-sti-art">Subject matter</p> </div> <p class="oj-normal">This Regulation, with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers (the relevant entities) lays down the technical and the methodological requirements of the measures referred to in Article 21(2) of Directive (EU) 2022/2555 and further specifies the cases in which an incident shall be considered to be significant as referred to in Article 23(3) of Directive (EU) 2022/2555.</p> </div> <div class="eli-subdivision" id="art_2"> <p id="d1e388-1-1" class="oj-ti-art">Article 2</p> <div class="eli-title" id="art_2.tit_1"> <p class="oj-sti-art">Technical and methodological requirements</p> </div> <div id="002.001"> <p class="oj-normal">1.   For the relevant entities the technical and methodological requirements of cybersecurity risk-management measures referred to in Article 21(2), points (a) to (j), of Directive (EU) 2022/2555 are set out in the Annex to this Regulation.</p> </div> <div id="002.002"> <p class="oj-normal">2.   The relevant entities shall ensure a level of security of network and information systems appropriate to the risks posed when implementing and applying the technical and methodological requirements of cybersecurity risk-management measures set out in the Annex to this Regulation. For that purpose, they shall take due account of the degree of their exposure to risks, their size and the likelihood of occurrence of incidents and their severity, including their societal and economic impact, when complying with the technical and methodological requirements of cybersecurity risk-management measures set out in the Annex to this Regulation.</p> <p class="oj-normal">Where the Annex to this Regulation provides that a technical or methodological requirement of a cybersecurity risk-management measure shall be applied ‘where appropriate’, ‘where applicable’ or ‘to the extent feasible’, and where a relevant entity considers it not appropriate, not applicable or not feasible for the relevant entity to apply certain such technical and methodological requirements, the relevant entity shall in a comprehensible manner document its reasoning to that effect.</p> </div> </div> <div class="eli-subdivision" id="art_3"> <p id="d1e418-1-1" class="oj-ti-art">Article 3</p> <div class="eli-title" id="art_3.tit_1"> <p class="oj-sti-art">Significant incidents</p> </div> <div id="003.001"> <p class="oj-normal">1.   An incident shall be considered to be significant for the purposes of Article 23(3) of Directive (EU) 2022/2555 with regard to the relevant entities where one or more of the following criteria are fulfilled:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">the incident has caused or is capable of causing direct financial loss for the relevant entity that exceeds EUR 500 000 or 5 % of the relevant entity’s total annual turnover in the preceding financial year, whichever is lower;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">the incident has caused or is capable of causing the exfiltration of trade secrets as set out in Article 2 point (1), of Directive (EU) 2016/943 of the relevant entity;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the incident has caused or is capable of causing the death of a natural person;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">the incident has caused or is capable of causing considerable damage to a natural person’s health;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">a successful, suspectedly malicious and unauthorised access to network and information systems occurred, which is capable of causing severe operational disruption;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">the incident meets the criteria set out in Article 4;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(g)</p> </td> <td valign="top" > <p class="oj-normal">the incident meets one or more of the criteria set out in Articles 5 to 14.</p> </td> </tr> </tbody> </table> </div> <div id="003.002"> <p class="oj-normal">2.   Scheduled interruptions of service and planned consequences of scheduled maintenance operations carried out by or on behalf of the relevant entities shall not be considered to be significant incidents.</p> </div> <div id="003.003"> <p class="oj-normal">3.   When calculating the number of users impacted by an incident for the purpose of Articles 7 and 9 to 14, the relevant entities shall consider all of the following:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">the number of customers that have a contract with the relevant entity which grants them access to the relevant entity’s network and information systems or services offered by, or accessible via, those network and information systems;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">the number of natural and legal persons associated with business customers that use the entities’ network and information systems or services offered by, or accessible via, those network and information systems.</p> </td> </tr> </tbody> </table> </div> </div> <div class="eli-subdivision" id="art_4"> <p id="d1e499-1-1" class="oj-ti-art">Article 4</p> <div class="eli-title" id="art_4.tit_1"> <p class="oj-sti-art">Recurring incidents</p> </div> <p class="oj-normal">Incidents that individually are not considered a significant incident within the meaning of Article 3, shall be considered collectively as one significant incident where they meet all of the following criteria:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">they have occurred at least twice within 6 months;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">they have the same apparent root cause;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">they collectively meet the criteria set out in Article 3(1)(a).</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="art_5"> <p id="d1e526-1-1" class="oj-ti-art">Article 5</p> <div class="eli-title" id="art_5.tit_1"> <p class="oj-sti-art">Significant incidents with regard to DNS service providers</p> </div> <p class="oj-normal">With regard to DNS service providers, an incident shall be considered significant under Article 3(1)(g), where it fulfils one or more of the following criteria:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">a recursive or authoritative domain name resolution service is completely unavailable for more than 30 minutes;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">for a period of more than one hour, the average response time of a recursive or authoritative domain name resolution service to DNS requests is more than 10 seconds;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of the authoritative domain name resolution service is compromised, except in cases where the data of fewer than 1 000 domain names managed by the DNS service provider, amounting to no more than 1 % of the domain names managed by the DNS service provider, are not correct because of misconfiguration.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="art_6"> <p id="d1e556-1-1" class="oj-ti-art">Article 6</p> <div class="eli-title" id="art_6.tit_1"> <p class="oj-sti-art">Significant incidents with regard to TLD name registries</p> </div> <p class="oj-normal">With regard to TLD name registries, an incident shall be considered significant under Article 3(1)(g) where it fulfils one or more of the following criteria:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">an authoritative domain name resolution service is completely unavailable;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">for a period of more than one hour, the average response time of an authoritative domain name resolution service to DNS requests is more than 10 seconds,</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the technical operation of the TLD is compromised.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="art_7"> <p id="d1e583-1-1" class="oj-ti-art">Article 7</p> <div class="eli-title" id="art_7.tit_1"> <p class="oj-sti-art">Significant incidents with regard to cloud computing service providers</p> </div> <p class="oj-normal">With regard to cloud computing service providers, an incident shall be considered significant under Article 3(1)(g) where it fulfils one or more of the following criteria:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">a cloud computing service provided is completely unavailable for more than 30 minutes;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">the availability of a cloud computing service of a provider is limited for more than 5 % of the cloud computing service’s users in the Union, or for more than 1 million of the cloud computing service’s users in the Union, whichever number is smaller, for a duration of more than one hour;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of a cloud computing service is compromised as a result of a suspectedly malicious action,</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of a cloud computing service is compromised with an impact on more than 5 % of that cloud computing service’s users in the Union, or on more than 1 million of that cloud computing service’s users in the Union, whichever number is smaller.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="art_8"> <p id="d1e616-1-1" class="oj-ti-art">Article 8</p> <div class="eli-title" id="art_8.tit_1"> <p class="oj-sti-art">Significant incidents with regard to data centre service providers</p> </div> <p class="oj-normal">With regard to data centre service providers, an incident shall be considered significant under Article 3(1)(g) where it fulfils one or more of the following criteria:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">a data centre service of a data centre operated by the provider is completely unavailable;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">the availability of a data centre service of a data centre operated by the provider is limited for a duration of more than one hour;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of a data centre service is compromised as a result of a suspectedly malicious action;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">physical access to a data centre operated by the provider is compromised.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="art_9"> <p id="d1e649-1-1" class="oj-ti-art">Article 9</p> <div class="eli-title" id="art_9.tit_1"> <p class="oj-sti-art">Significant incidents with regard to content delivery network providers</p> </div> <p class="oj-normal">With regard to content delivery network providers, an incident shall be considered significant under Article 3(1)(g) where it fulfils one or more of the following criteria:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">a content delivery network is completely unavailable for more than 30 minutes;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">the availability of a content delivery network is limited for more than 5 % of the content delivery network’s users in the Union, or for more than 1 million of the content delivery network’s users in the Union, whichever number is smaller, for a duration of more than one hour;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of a content delivery network is compromised as a result of a suspectedly malicious action;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of a content delivery network is compromised with an impact on more than 5 % of that content delivery network’s users in the Union, or on more than 1 million of that content delivery network’s users in the Union, whichever number is smaller.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="art_10"> <p id="d1e682-1-1" class="oj-ti-art">Article 10</p> <div class="eli-title" id="art_10.tit_1"> <p class="oj-sti-art">Significant incidents with regard to managed service providers and managed security service providers</p> </div> <p class="oj-normal">With regard to managed service providers and managed security service providers, an incident shall be considered significant under Article 3(1)(g) where it fulfils one or more of the following criteria:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">a managed service or managed security service is completely unavailable for more than 30 minutes;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">the availability of a managed service or managed security service is limited for more than 5 % of the service’s users in the Union, or for more than 1 million of the service’s users in the Union, whichever number is smaller, for a duration of more than one hour;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of a managed service or managed security service is compromised as a result of a suspectedly malicious action;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of a managed service or a managed security service, is compromised with an impact on more than 5 % of that managed service’s or that managed security service’s users in the Union, or on more than 1 million of the service users in the Union, whichever number is smaller.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="art_11"> <p id="d1e715-1-1" class="oj-ti-art">Article 11</p> <div class="eli-title" id="art_11.tit_1"> <p class="oj-sti-art">Significant incidents with regard to providers of online marketplaces</p> </div> <p class="oj-normal">With regard to providers of online marketplaces, an incident shall be considered significant under Article 3(1)(g) where it fulfils one or more of the following criteria:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">an online marketplace is completely unavailable for more than 5 % of an online marketplace’s users in the Union, or for more than 1 million of an online marketplace’s users in the Union, whichever number is smaller;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">more than 5 % of an online marketplace’s users in the Union, or more than 1 million of an online marketplace’s users in the Union, whichever number is smaller, are impacted by limited availability of that online marketplace;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of an online marketplace is compromised as a result of a suspectedly malicious action;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of an online marketplace is compromised with an impact on more than 5 % of that online marketplace’s users in the Union, or on more than 1 million of that online marketplace’s users in the Union, whichever number is smaller.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="art_12"> <p id="d1e749-1-1" class="oj-ti-art">Article 12</p> <div class="eli-title" id="art_12.tit_1"> <p class="oj-sti-art">Significant incidents with regard to providers of online search engines</p> </div> <p class="oj-normal">With regard to providers of online search engines, an incident shall be considered significant under Article 3(1)(g) where it fulfils one or more of the following criteria:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">an online search engine is completely unavailable for more than 5 % of that online search engine’s users in the Union, or for more than 1 million of that online search engine’s users in the Union, whichever number is smaller;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">more than 5 % of an online search engine’s users in the Union, or more than 1 million of an online search engine’s users in the Union, whichever number is smaller, are impacted by limited availability of that online search engine;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of an online search engine is compromised as a result of a suspectedly malicious action;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of an online search engine is compromised with an impact on more than 5 % of that online search engine’s users in the Union, or on more than 1 million of that online search engine’s users in the Union, whichever number is smaller.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="art_13"> <p id="d1e782-1-1" class="oj-ti-art">Article 13</p> <div class="eli-title" id="art_13.tit_1"> <p class="oj-sti-art">Significant incidents with regard to providers of social networking services platforms</p> </div> <p class="oj-normal">With regard to providers of social networking services platforms, an incident shall be considered significant under Article 3(1)(g) where it fulfils one or more of the following criteria:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">a social networking service platform is completely unavailable for more than 5 % of that social networking service platform’s users in the Union, or for more than 1 million of that social networking service platform’s users in the Union, whichever number is smaller;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">more than 5 % of a social networking service platform’s users in the Union, or more than 1 million of a social networking service platform’s users in the Union, whichever number is smaller, are impacted by limited availability of that social networking service platform;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of a social networking service platform is compromised as a result of a suspectedly malicious action;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of a social networking service platform is compromised with an impact on more than 5 % of that social networking service platform’s users in the Union, or on more than 1 million of that social networking service platform’s users in the Union, whichever number is smaller.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="art_14"> <p id="d1e815-1-1" class="oj-ti-art">Article 14</p> <div class="eli-title" id="art_14.tit_1"> <p class="oj-sti-art">Significant incidents with regard to trust service providers</p> </div> <p class="oj-normal">With regard to trust service providers, an incident shall be considered significant under Article 3(1)(g) where it fulfils one or more of the following criteria:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">a trust service is completely unavailable for more than 20 minutes;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">a trust service is unavailable to users, or relying parties, for more than one hour calculated on a calendar week basis;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">more than 1 % of the users or relying parties in the Union, or more than 200 000 users or relying parties in the Union, whichever number is smaller, are impacted by limited availability of a trust service;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">physical access to an area where network and information systems are located and to which access is restricted to trusted personnel of the trust service provider, or the protection of such physical access, is compromised;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of a trust service is compromised with an impact on more than 0,1 % of users or relying parties, or more than 100 of users or relying parties, whichever number is smaller, of the trust service in the Union.</p> </td> </tr> </tbody> </table> </div> <div class="eli-subdivision" id="art_15"> <p id="d1e857-1-1" class="oj-ti-art">Article 15</p> <div class="eli-title" id="art_15.tit_1"> <p class="oj-sti-art">Repeal</p> </div> <p class="oj-normal">Commission Implementing Regulation (EU) 2018/151 <a id="ntc4-L_202402690EN.000101-E0004" href="#ntr4-L_202402690EN.000101-E0004" >(<span class="oj-super oj-note-tag">4</span>)</a> is repealed.</p> </div> <div class="eli-subdivision" id="art_16"> <p id="d1e877-1-1" class="oj-ti-art">Article 16</p> <div class="eli-title" id="art_16.tit_1"> <p class="oj-sti-art">Entry into force and application</p> </div> <p class="oj-normal">This Regulation shall enter into force on the twentieth day following that of its publication in the <span class="oj-italic">Official Journal of the European Union</span>.</p> </div> </div> <div class="eli-subdivision" id="fnp_1"> <div class="oj-final"> <p class="oj-normal">This Regulation shall be binding in its entirety and directly applicable in all Member States.</p> <p class="oj-normal">Done at Brussels, 17 October 2024.</p> <div class="oj-signatory"> <p class="oj-signatory"> <span class="oj-italic">For the Commission</span> </p> <p class="oj-signatory">Ursula VON DER LEYEN </p> <p class="oj-signatory"> <span class="oj-italic">The President</span> </p> </div> </div> </div> <hr class="oj-note"/> <p class="oj-note"> <a id="ntr1-L_202402690EN.000101-E0001" href="#ntc1-L_202402690EN.000101-E0001" >(<span class="oj-super">1</span>)</a>   <a href="./../../../../legal-content/EN/AUTO/?uri=OJ:L:2022:333:TOC" >OJ L 333, 27.12.2022, p. 80</a>, ELI: <a href="http://data.europa.eu/eli/dir/2022/2555/oj" >http://data.europa.eu/eli/dir/2022/2555/oj</a>.</p> <p class="oj-note"> <a id="ntr2-L_202402690EN.000101-E0002" href="#ntc2-L_202402690EN.000101-E0002" >(<span class="oj-super">2</span>)</a>  Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (<a href="./../../../../legal-content/EN/AUTO/?uri=OJ:L:2019:151:TOC" >OJ L 151, 7.6.2019, p. 15</a>, ELI: <a href="http://data.europa.eu/eli/reg/2019/881/oj" >http://data.europa.eu/eli/reg/2019/881/oj</a>).</p> <p class="oj-note"> <a id="ntr3-L_202402690EN.000101-E0003" href="#ntc3-L_202402690EN.000101-E0003" >(<span class="oj-super">3</span>)</a>  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (<a href="./../../../../legal-content/EN/AUTO/?uri=OJ:L:2018:295:TOC" >OJ L 295, 21.11.2018, p. 39</a>, ELI: <a href="http://data.europa.eu/eli/reg/2018/1725/oj" >http://data.europa.eu/eli/reg/2018/1725/oj</a>).</p> <p class="oj-note"> <a id="ntr4-L_202402690EN.000101-E0004" href="#ntc4-L_202402690EN.000101-E0004" >(<span class="oj-super">4</span>)</a>  Commission Implementing Regulation (EU) 2018/151 of 30 January 2018 laying down rules for application of Directive (EU) 2016/1148 of the European Parliament and of the Council as regards further specification of the elements to be taken into account by digital service providers for managing the risks posed to the security of network and information systems and of the parameters for determining whether an incident has a substantial impact (<a href="./../../../../legal-content/EN/AUTO/?uri=OJ:L:2018:026:TOC" >OJ L 26, 31.1.2018, p. 48</a>, ELI: <a href="http://data.europa.eu/eli/reg_impl/2018/151/oj" >http://data.europa.eu/eli/reg_impl/2018/151/oj</a>).</p> </div> <hr class="oj-doc-sep"/> <div id="L_202402690EN.001401.fmx"> <div class="eli-container" id="anx_1"> <p class="oj-doc-ti" id="d1e35-14-1">ANNEX</p> <p class="oj-doc-ti">Technical and methodological requirements referred to in Article 2 of this Regulation</p> <p class="oj-ti-grseq-1" id="d1e44-14-1">1.   <span class="oj-bold">Policy on the security of network and information systems (Article 21(2), point (a) of Directive (EU) 2022/2555)</span> </p> <p class="oj-ti-grseq-1" id="d1e53-14-1">1.1.   <span class="oj-italic">Policy on the security of network and information systems</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">1.1.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (a) of Directive (EU) 2022/2555, the policy on the security of network and information systems shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">set out the relevant entities’ approach to managing the security of their network and information systems;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">be appropriate to and complementary with the relevant entities’ business strategy and objectives;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">set out network and information security objectives;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">include a commitment to continual improvement of the security of network and information systems;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">include a commitment to provide the appropriate resources needed for its implementation, including the necessary staff, financial resources, processes, tools and technologies;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">be communicated to and acknowledged by relevant employees and relevant interested external parties;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(g)</p> </td> <td valign="top" > <p class="oj-normal">lay down roles and responsibilities pursuant to point 1.2;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(h)</p> </td> <td valign="top" > <p class="oj-normal">list the documentation to be kept and the duration of retention of the documentation;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(i)</p> </td> <td valign="top" > <p class="oj-normal">list the topic-specific policies;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(j)</p> </td> <td valign="top" > <p class="oj-normal">lay down indicators and measures to monitor its implementation and the current status of relevant entities’ maturity level of network and information security;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(k)</p> </td> <td valign="top" > <p class="oj-normal">indicate the date of the formal approval by the management bodies of the relevant entities (the ‘management bodies’).</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">1.1.2.</p> </td> <td valign="top" > <span>The network and information system security policy shall be reviewed and, where appropriate, updated by management bodies at least annually and when significant incidents or significant changes to operations or risks occur. The result of the reviews shall be documented.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e144-14-1">1.2.   <span class="oj-italic">Roles, responsibilities and authorities</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">1.2.1.</p> </td> <td valign="top" > <span>As part of their policy on the security of network and information systems referred to in point 1.1, the relevant entities shall lay down responsibilities and authorities for network and information system security and assign them to roles, allocate them according to the relevant entities’ needs, and communicate them to the management bodies.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">1.2.2.</p> </td> <td valign="top" > <span>The relevant entities shall require all personnel and third parties to apply network and information system security in accordance with the established network and information security policy, topic-specific policies and procedures of the relevant entities.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">1.2.3.</p> </td> <td valign="top" > <span>At least one person shall report directly to the management bodies on matters of network and information system security.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">1.2.4.</p> </td> <td valign="top" > <span>Depending on the size of the relevant entities, network and information system security shall be covered by dedicated roles or duties carried out in addition to existing roles.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">1.2.5.</p> </td> <td valign="top" > <span>Conflicting duties and conflicting areas of responsibility shall be segregated, where applicable.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">1.2.6.</p> </td> <td valign="top" > <span>Roles, responsibilities and authorities shall be reviewed and, where appropriate, updated by management bodies at planned intervals and when significant incidents or significant changes to operations or risks occur.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e183-14-1">2.   <span class="oj-bold">Risk management policy (Article 21(2), point (a) of Directive (EU) 2022/2555)</span> </p> <p class="oj-ti-grseq-1" id="d1e192-14-1">2.1.   <span class="oj-italic">Risk management framework</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">2.1.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (a) of Directive (EU) 2022/2555, the relevant entities shall establish and maintain an appropriate risk management framework to identify and address the risks posed to the security of network and information systems. The relevant entities shall perform and document risk assessments and, based on the results, establish, implement and monitor a risk treatment plan. Risk assessment results and residual risks shall be accepted by management bodies or, where applicable, by persons who are accountable and have the authority to manage risks, provided that the relevant entities ensure adequate reporting to the management bodies.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">2.1.2.</p> </td> <td valign="top" > <span>For the purpose of point 2.1.1, the relevant entities shall establish procedures for identification, analysis, assessment and treatment of risks (‘cybersecurity risk management process’). The cybersecurity risk management process shall be an integral part of the relevant entities’ overall risk management process, where applicable. As part of the cybersecurity risk management process, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">follow a risk management methodology;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">establish the risk tolerance level in accordance with the risk appetite of the relevant entities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">establish and maintain relevant risk criteria;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">in line with an all-hazards approach, identify and document the risks posed to the security of network and information systems, in particular in relation to third parties and risks that could lead to disruptions in the availability, integrity, authenticity and confidentiality of the network and information systems, including the identification of single point of failures;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">analyse the risks posed to the security of network and information systems, including threat, likelihood, impact, and risk level, taking into account cyber threat intelligence and vulnerabilities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">evaluate the identified risks based on the risk criteria;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(g)</p> </td> <td valign="top" > <p class="oj-normal">identify and prioritise appropriate risk treatment options and measures;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(h)</p> </td> <td valign="top" > <p class="oj-normal">continuously monitor the implementation of the risk treatment measures;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(i)</p> </td> <td valign="top" > <p class="oj-normal">identify who is responsible for implementing the risk treatment measures and when they should be implemented;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(j)</p> </td> <td valign="top" > <p class="oj-normal">document the chosen risk treatment measures in a risk treatment plan and the reasons justifying the acceptance of residual risks in a comprehensible manner.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">2.1.3.</p> </td> <td valign="top" > <span>When identifying and prioritising appropriate risk treatment options and measures, the relevant entities shall take into account the risk assessment results, the results of the procedure to assess the effectiveness of cybersecurity risk-management measures, the cost of implementation in relation to the expected benefit, the asset classification referred to in point 12.1, and the business impact analysis referred to in point 4.1.3.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">2.1.4.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update the risk assessment results and the risk treatment plan at planned intervals and at least annually, and when significant changes to operations or risks or significant incidents occur.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e287-14-1">2.2.   <span class="oj-italic">Compliance monitoring</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">2.2.1.</p> </td> <td valign="top" > <span>The relevant entities shall regularly review the compliance with their policies on network and information system security, topic-specific policies, rules, and standards. The management bodies shall be informed of the status of network and information security on the basis of the compliance reviews by means of regular reporting.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">2.2.2.</p> </td> <td valign="top" > <span>The relevant entities shall put in place an effective compliance reporting system which shall be appropriate to their structures, operating environments and threat landscapes. The compliance reporting system shall be capable to provide to the management bodies an informed view of the current state of the relevant entities’ management of risks.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">2.2.3.</p> </td> <td valign="top" > <span>The relevant entities shall perform the compliance monitoring at planned intervals and when significant incidents or significant changes to operations or risks occur.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e311-14-1">2.3.   <span class="oj-italic">Independent review of information and network security</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">2.3.1.</p> </td> <td valign="top" > <span>The relevant entities shall review independently their approach to managing network and information system security and its implementation including people, processes and technologies.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">2.3.2.</p> </td> <td valign="top" > <span>The relevant entities shall develop and maintain processes to conduct independent reviews which shall be carried out by individuals with appropriate audit competence. Where the independent review is conducted by staff members of the relevant entity, the persons conducting the reviews shall not be in the line of authority of the personnel of the area under review. If the size of the relevant entities does not allow such separation of line of authority, the relevant entities shall put in place alternative measures to guarantee the impartiality of the reviews.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">2.3.3.</p> </td> <td valign="top" > <span>The results of the independent reviews, including the results from the compliance monitoring pursuant to point 2.2 and the monitoring and measurement pursuant to point 7, shall be reported to the management bodies. Corrective actions shall be taken or residual risk accepted according to the relevant entities’ risk acceptance criteria.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">2.3.4.</p> </td> <td valign="top" > <span>The independent reviews shall take place at planned intervals and when significant incidents or significant changes to operations or risks occur.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e340-14-1">3.   <span class="oj-bold">Incident handling (Article 21(2), point (b), of Directive (EU) 2022/2555)</span> </p> <p class="oj-ti-grseq-1" id="d1e349-14-1">3.1.   <span class="oj-italic">Incident handling policy</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.1.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (b) of Directive (EU) 2022/2555, the relevant entities shall establish and implement an incident handling policy laying down the roles, responsibilities, and procedures for detecting, analysing, containing or responding to, recovering from, documenting and reporting of incidents in a timely manner.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.1.2.</p> </td> <td valign="top" > <span>The policy referred to in point 3.1.1 shall be coherent with the business continuity and disaster recovery plan referred to in point 4.1. The policy shall include:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">a categorisation system for incidents that is consistent with the event assessment and classification carried out pursuant to point 3.4.1;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">effective communication plans including for escalation and reporting;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">assignment of roles to detect and appropriately respond to incidents to competent employees;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">documents to be used in the course of incident detection and response such as incident response manuals, escalation charts, contact lists and templates.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.1.3.</p> </td> <td valign="top" > <span>The roles, responsibilities and procedures laid down in the policy shall be tested and reviewed and, where appropriate, updated at planned intervals and after significant incidents or significant changes to operations or risks.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e399-14-1">3.2.   <span class="oj-italic">Monitoring and logging</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.2.1.</p> </td> <td valign="top" > <span>The relevant entities shall lay down procedures and use tools to monitor and log activities on their network and information systems to detect events that could be considered as incidents and respond accordingly to mitigate the impact.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.2.2.</p> </td> <td valign="top" > <span>To the extent feasible, monitoring shall be automated and carried out either continuously or in periodic intervals, subject to business capabilities. The relevant entities shall implement their monitoring activities in a way which minimises false positives and false negatives.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.2.3.</p> </td> <td valign="top" > <span>Based on the procedures referred to in point 3.2.1, the relevant entities shall maintain, document, and review logs. The relevant entities shall establish a list of assets to be subject to logging based on the results of the risk assessment carried out pursuant to point 2.1. Where appropriate, logs shall include:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">relevant outbound and inbound network traffic;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">creation, modification or deletion of users of the relevant entities’ network and information systems and extension of the permissions;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">access to systems and applications;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">authentication-related events;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">all privileged access to systems and applications, and activities performed by administrative accounts;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">access or changes to critical configuration and backup files;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(g)</p> </td> <td valign="top" > <p class="oj-normal">event logs and logs from security tools, such as antivirus, intrusion detection systems or firewalls;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(h)</p> </td> <td valign="top" > <p class="oj-normal">use of system resources, as well as their performance;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(i)</p> </td> <td valign="top" > <p class="oj-normal">physical access to facilities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(j)</p> </td> <td valign="top" > <p class="oj-normal">access to and use of their network equipment and devices;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(k)</p> </td> <td valign="top" > <p class="oj-normal">activation, stopping and pausing of the various logs;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(l)</p> </td> <td valign="top" > <p class="oj-normal">environmental events.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.2.4.</p> </td> <td valign="top" > <span>The logs shall be regularly reviewed for any unusual or unwanted trends. Where appropriate, the relevant entities shall lay down appropriate values for alarm thresholds. If the laid down values for alarm threshold are exceeded, an alarm shall be triggered, where appropriate, automatically. The relevant entities shall ensure that, in case of an alarm, a qualified and appropriate response is initiated in a timely manner.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.2.5.</p> </td> <td valign="top" > <span>The relevant entities shall maintain and back up logs for a predefined period and shall protect them from unauthorised access or changes.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.2.6.</p> </td> <td valign="top" > <span>To the extent feasible, the relevant entities shall ensure that all systems have synchronised time sources to be able to correlate logs between systems for event assessment. The relevant entities shall establish and keep a list of all assets that are being logged and ensure that monitoring and logging systems are redundant. The availability of the monitoring and logging systems shall be monitored independent of the systems they are monitoring.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.2.7.</p> </td> <td valign="top" > <span>The procedures as well as the list of assets that are being logged shall be reviewed and, where appropriate, updated at regular intervals and after significant incidents.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e518-14-1">3.3.   <span class="oj-italic">Event reporting</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.3.1.</p> </td> <td valign="top" > <span>The relevant entities shall put in place a simple mechanism allowing their employees, suppliers, and customers to report suspicious events.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.3.2.</p> </td> <td valign="top" > <span>The relevant entities shall, where appropriate, communicate the event reporting mechanism to their suppliers and customers, and shall regularly train their employees how to use the mechanism.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e537-14-1">3.4.   <span class="oj-italic">Event assessment and classification</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.4.1.</p> </td> <td valign="top" > <span>The relevant entities shall assess suspicious events to determine whether they constitute incidents and, if so, determine their nature and severity.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.4.2.</p> </td> <td valign="top" > <span>For the purpose of point 3.4.1, the relevant entities shall act in the following manner:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">carry out the assessment based on predefined criteria laid down in advance, and on a triage to determine prioritisation of incident containment and eradication;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">assess the existence of recurring incidents as referred to in Article 4 of this Regulation on a quarterly basis;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">review the appropriate logs for the purposes of event assessment and classification;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">put in place a process for log correlation and analysis, and</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">reassess and reclassify events in case of new information becoming available or after analysis of previously available information.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e588-14-1">3.5.   <span class="oj-italic">Incident response</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.5.1.</p> </td> <td valign="top" > <span>The relevant entities shall respond to incidents in accordance with documented procedures and in a timely manner.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.5.2.</p> </td> <td valign="top" > <span>The incident response procedures shall include the following stages:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">incident containment, to prevent the consequences of the incident from spreading;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">eradication, to prevent the incident from continuing or reappearing,</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">recovery from the incident, where necessary.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.5.3.</p> </td> <td valign="top" > <span>The relevant entities shall establish communication plans and procedures:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">with the Computer Security Incident Response Teams (CSIRTs) or, where applicable, the competent authorities, related to incident notification;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">for communication among staff members of the relevant entity, and for communication with relevant stakeholders external to the relevant entity.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.5.4.</p> </td> <td valign="top" > <span>The relevant entities shall log incident response activities in accordance with the procedures referred to in point 3.2.1, and record evidence.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.5.5.</p> </td> <td valign="top" > <span>The relevant entities shall test at planned intervals their incident response procedures.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e656-14-1">3.6.   <span class="oj-italic">Post-incident reviews</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.6.1.</p> </td> <td valign="top" > <span>Where appropriate, the relevant entities shall carry out post-incident reviews after recovery from incidents. The post-incident reviews shall identify, where possible, the root cause of the incident and result in documented lessons learned to reduce the occurrence and consequences of future incidents.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.6.2.</p> </td> <td valign="top" > <span>The relevant entities shall ensure that post-incident reviews contribute to improving their approach to network and information security, to risk treatment measures, and to incident handling, detection and response procedures.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">3.6.3.</p> </td> <td valign="top" > <span>The relevant entities shall review at planned intervals if incidents led to post-incident reviews.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e680-14-1">4.   <span class="oj-bold">Business continuity and crisis management (Article 21(2), point (c), of Directive (EU) 2022/2555)</span> </p> <p class="oj-ti-grseq-1" id="d1e689-14-1">4.1.   <span class="oj-italic">Business continuity and disaster recovery plan</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.1.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (c) of Directive (EU) 2022/2555, the relevant entities shall lay down and maintain a business continuity and disaster recovery plan to apply in the case of incidents.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.1.2.</p> </td> <td valign="top" > <span>The relevant entities’ operations shall be restored according to the business continuity and disaster recovery plan. The plan shall be based on the results of the risk assessment carried out pursuant to point 2.1 and shall include, where appropriate, the following:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">purpose, scope and audience;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">roles and responsibilities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">key contacts and (internal and external) communication channels;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">conditions for plan activation and deactivation;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">order of recovery for operations;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">recovery plans for specific operations, including recovery objectives;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(g)</p> </td> <td valign="top" > <p class="oj-normal">required resources, including backups and redundancies;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(h)</p> </td> <td valign="top" > <p class="oj-normal">restoring and resuming activities from temporary measures.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.1.3.</p> </td> <td valign="top" > <span>The relevant entities shall carry out a business impact analysis to assess the potential impact of severe disruptions to their business operations and shall, based on the results of the business impact analysis, establish continuity requirements for the network and information systems.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.1.4.</p> </td> <td valign="top" > <span>The business continuity plan and disaster recovery plan shall be tested, reviewed and, where appropriate, updated at planned intervals and following significant incidents or significant changes to operations or risks. The relevant entities shall ensure that the plans incorporate lessons learnt from such tests.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e768-14-1">4.2.   <span class="oj-italic">Backup and redundancy management</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.2.1.</p> </td> <td valign="top" > <span>The relevant entities shall maintain backup copies of data and provide sufficient available resources, including facilities, network and information systems and staff, to ensure an appropriate level of redundancy.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.2.2.</p> </td> <td valign="top" > <span>Based on the results of the risk assessment carried out pursuant to point 2.1 and the business continuity plan, the relevant entities shall lay down backup plans which include the following:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">recovery times;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">assurance that backup copies are complete and accurate, including configuration data and data stored in cloud computing service environment;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">storing backup copies (online or offline) in a safe location or locations, which are not in the same network as the system, and are at sufficient distance to escape any damage from a disaster at the main site;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">appropriate physical and logical access controls to backup copies, in accordance with the asset classification level;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">restoring data from backup copies;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">retention periods based on business and regulatory requirements.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.2.3.</p> </td> <td valign="top" > <span>The relevant entities shall perform regular integrity checks on the backup copies.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.2.4.</p> </td> <td valign="top" > <span>Based on the results of the risk assessment carried out pursuant to point 2.1 and the business continuity plan, the relevant entities shall ensure sufficient availability of resources by at least partial redundancy of the following:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">network and information systems;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">assets, including facilities, equipment and supplies;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">personnel with the necessary responsibility, authority and competence;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">appropriate communication channels.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.2.5.</p> </td> <td valign="top" > <span>Where appropriate, the relevant entities shall ensure that monitoring and adjustment of resources, including facilities, systems and personnel, is duly informed by backup and redundancy requirements.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.2.6.</p> </td> <td valign="top" > <span>The relevant entities shall carry out regular testing of the recovery of backup copies and redundancies to ensure that, in recovery conditions, they can be relied upon and cover the copies, processes and knowledge to perform an effective recovery. The relevant entities shall document the results of the tests and, where needed, take corrective action.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e871-14-1">4.3.   <span class="oj-italic">Crisis management</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.3.1.</p> </td> <td valign="top" > <span>The relevant entities shall put in place a process for crisis management.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.3.2.</p> </td> <td valign="top" > <span>The relevant entities shall ensure that the crisis management process addresses at least the following elements:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">roles and responsibilities for personnel and, where appropriate, suppliers and service providers, specifying the allocation of roles in crisis situations, including specific steps to follow;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">appropriate communication means between the relevant entities and relevant competent authorities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">application of appropriate measures to ensure the maintenance of network and information system security in crisis situations.</p> </td> </tr> </tbody> </table> <p class="oj-normal">For the purpose of point (b), the flow of information between the relevant entities and relevant competent authorities shall include both obligatory communications, such as incident reports and related timelines, and non-obligatory communications.</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.3.3.</p> </td> <td valign="top" > <span>The relevant entities shall implement a process for managing and making use of information received from the CSIRTs or, where applicable, the competent authorities, concerning incidents, vulnerabilities, threats or possible mitigation measures.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">4.3.4.</p> </td> <td valign="top" > <span>The relevant entities shall test, review and, where appropriate, update the crisis management plan on a regular basis or following significant incidents or significant changes to operations or risks.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e922-14-1">5.   <span class="oj-bold">Supply chain security (Article 21(2), point (d), of Directive (EU) 2022/2555)</span> </p> <p class="oj-ti-grseq-1" id="d1e931-14-1">5.1.   <span class="oj-italic">Supply chain security policy</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">5.1.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (d) of Directive (EU) 2022/2555, the relevant entities shall establish, implement and apply a supply chain security policy which governs the relations with their direct suppliers and service providers in order to mitigate the identified risks to the security of network and information systems. In the supply chain security policy, the relevant entities shall identify their role in the supply chain and communicate it to their direct suppliers and service providers.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">5.1.2.</p> </td> <td valign="top" > <span>As part of the supply chain security policy referred to in point 5.1.1, the relevant entities shall lay down criteria to select and contract suppliers and service providers. Those criteria shall include the following:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">the cybersecurity practices of the suppliers and service providers, including their secure development procedures;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">the ability of the suppliers and service providers to meet cybersecurity specifications set by the relevant entities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the overall quality and resilience of ICT products and ICT services and the cybersecurity risk-management measures embedded in them, including the risks and classification level of the ICT products and ICT services;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">the ability of the relevant entities to diversify sources of supply and limit vendor lock-in, where applicable.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">5.1.3.</p> </td> <td valign="top" > <span>When establishing their supply chain security policy, relevant entities shall take into account the results of the coordinated security risk assessments of critical supply chains carried out in accordance with Article 22(1) of Directive (EU) 2022/2555, where applicable.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">5.1.4.</p> </td> <td valign="top" > <span>Based on the supply chain security policy and taking into account the results of the risk assessment carried out in accordance with point 2.1 of this Annex, the relevant entities shall ensure that their contracts with the suppliers and service providers specify, where appropriate through service level agreements, the following, where appropriate:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">cybersecurity requirements for the suppliers or service providers, including requirements as regards the security in acquisition of ICT services or ICT products set out in point 6.1;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">requirements regarding awareness, skills and training, and where appropriate certifications, required from the suppliers’ or service providers’ employees;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">requirements regarding the verification of the background of the suppliers’ and service providers’ employees;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">an obligation on suppliers and service providers to notify, without undue delay, the relevant entities of incidents that present a risk to the security of the network and information systems of those entities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">the right to audit or right to receive audit reports;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">an obligation on suppliers and service providers to handle vulnerabilities that present a risk to the security of the network and information systems of the relevant entities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(g)</p> </td> <td valign="top" > <p class="oj-normal">requirements regarding subcontracting and, where the relevant entities allow subcontracting, cybersecurity requirements for subcontractors in accordance with the cybersecurity requirements referred to in point (a);</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(h)</p> </td> <td valign="top" > <p class="oj-normal">obligations on the suppliers and service providers at the termination of the contract, such as retrieval and disposal of the information obtained by the suppliers and service providers in the exercise of their tasks.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">5.1.5.</p> </td> <td valign="top" > <span>The relevant entities shall take into account the elements referred to in point 5.1.2 and 5.1.3 as part of the selection process of new suppliers and service providers, as well as part of the procurement process referred to in point 6.1.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">5.1.6.</p> </td> <td valign="top" > <span>The relevant entities shall review the supply chain security policy, and monitor, evaluate and, where necessary, act upon changes in the cybersecurity practices of suppliers and service providers, at planned intervals and when significant changes to operations or risks or significant incidents related to the provision of ICT services or having impact on the security of the ICT products from suppliers and service providers occur.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">5.1.7.</p> </td> <td valign="top" > <span>For the purpose of point 5.1.6, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">regularly monitor reports on the implementation of the service level agreements, where applicable;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">review incidents related to ICT products and ICT services from suppliers and service providers;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">assess the need for unscheduled reviews and document the findings in a comprehensible manner;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">analyse the risks presented by changes related to ICT products and ICT services from suppliers and service providers and, where appropriate, take mitigating measures in a timely manner.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1077-14-1">5.2.   <span class="oj-italic">Directory of suppliers and service providers</span> </p> <p class="oj-normal">The relevant entities shall maintain and keep up to date a registry of their direct suppliers and service providers, including:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">contact points for each direct supplier and service provider;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">a list of ICT products, ICT services, and ICT processes provided by the direct supplier or service provider to the relevant entities.</p> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1101-14-1">6.   <span class="oj-bold">Security in network and information systems acquisition, development and maintenance (Article 21(2), point (e), of Directive (EU) 2022/2555)</span> </p> <p class="oj-ti-grseq-1" id="d1e1110-14-1">6.1.   <span class="oj-italic">Security in acquisition of ICT services or ICT products</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.1.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (e) of Directive (EU) 2022/2555, the relevant entities shall set and implement processes to manage risks stemming from the acquisition of ICT services or ICT products for components that are critical for the relevant entities’ security of network and information systems, based on the risk assessment carried out pursuant to point 2.1, from suppliers or service providers throughout their life cycle.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.1.2.</p> </td> <td valign="top" > <span>For the purpose of point 6.1.1, the processes referred to in point 6.1.1 shall include:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">security requirements to apply to the ICT services or ICT products to be acquired;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">requirements regarding security updates throughout the entire lifetime of the ICT services or ICT products, or replacement after the end of the support period;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">information describing the hardware and software components used in the ICT services or ICT products;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">information describing the implemented cybersecurity functions of the ICT services or ICT products and the configuration required for their secure operation;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">assurance that the ICT services or ICT products comply with the security requirements according to point (a);</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">methods for validating that the delivered ICT services or ICT products are compliant to the stated security requirements, as well as documentation of the results of the validation.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.1.3.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update the processes at planned intervals and when significant incidents occur.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1172-14-1">6.2.   <span class="oj-italic">Secure development life cycle</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.2.1.</p> </td> <td valign="top" > <span>Before developing a network and information system, including software, the relevant entities shall lay down rules for the secure development of network and information systems and apply them when developing network and information systems in-house, or when outsourcing the development of network and information systems. The rules shall cover all development phases, including specification, design, development, implementation and testing.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.2.2.</p> </td> <td valign="top" > <span>For the purpose of point 6.2.1, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">carry out an analysis of security requirements at the specification and design phases of any development or acquisition project undertaken by the relevant entities or on behalf of those entities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">apply principles for engineering secure systems and secure coding principles to any information system development activities such as promoting cybersecurity-by-design, zero-trust architectures;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">lay down security requirements regarding development environments;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">establish and implement security testing processes in the development life cycle;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">appropriately select, protect and manage security test data;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">sanitise and anonymise testing data according to the risk assessment carried out pursuant to point 2.1.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.2.3.</p> </td> <td valign="top" > <span>For outsourced development of network and information systems, the relevant entities shall also apply the policies and procedures referred to in points 5 and 6.1.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.2.4.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where necessary, update their secure development rules at planned intervals.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1239-14-1">6.3.   <span class="oj-italic">Configuration management</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.3.1.</p> </td> <td valign="top" > <span>The relevant entities shall take the appropriate measures to establish, document, implement, and monitor configurations, including security configurations of hardware, software, services and networks.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.3.2.</p> </td> <td valign="top" > <span>For the purpose of point 6.3.1, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">lay down and ensure security in configurations for their hardware, software, services and networks;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">lay down and implement processes and tools to enforce the laid down secure configurations for hardware, software, services and networks, for newly installed systems as well as for systems in operation over their lifetime.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.3.3.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update configurations at planned intervals or when significant incidents or significant changes to operations or risks occur.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1277-14-1">6.4.   <span class="oj-italic">Change management, repairs and maintenance</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.4.1.</p> </td> <td valign="top" > <span>The relevant entities shall apply change management procedures to control changes of network and information systems. Where applicable, the procedures shall be consistent with the relevant entities’ general policies concerning change management.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.4.2.</p> </td> <td valign="top" > <span>The procedures referred to in point 6.4.1 shall be applied for releases, modifications and emergency changes of any software and hardware in operation and changes to the configuration. The procedures shall ensure that those changes are documented and, based on the risk assessment carried out pursuant to point 2.1, tested and assessed in view of the potential impact before being implemented.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.4.3.</p> </td> <td valign="top" > <span>In the event that the regular change management procedures could not be followed due to an emergency, the relevant entities shall document the result of the change, and the explanation for why the procedures could not be followed.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.4.4.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update the procedures at planned intervals and when significant incidents or significant changes to operations or risks.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1306-14-1">6.5.   <span class="oj-italic">Security testing</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.5.1.</p> </td> <td valign="top" > <span>The relevant entities shall establish, implement and apply a policy and procedures for security testing.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.5.2.</p> </td> <td valign="top" > <span>The relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">establish, based on the risk assessment carried out pursuant to point 2.1, the need, scope, frequency and type of security tests;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">carry out security tests according to a documented test methodology, covering the components identified as relevant for secure operation in a risk analysis;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">document the type, scope, time and results of the tests, including assessment of criticality and mitigating actions for each finding;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">apply mitigating actions in case of critical findings.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.5.3.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update their security testing policies at planned intervals.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1356-14-1">6.6.   <span class="oj-italic">Security patch management</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.6.1.</p> </td> <td valign="top" > <span>The relevant entities shall specify and apply procedures, coherent with the change management procedures referred to in point 6.4.1 as well as with vulnerability management, risk management and other relevant management procedures, for ensuring that:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">security patches are applied within a reasonable time after they become available;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">security patches are tested before being applied in production systems;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">security patches come from trusted sources and are checked for integrity;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">additional measures are implemented and residual risks are accepted in cases where a patch is not available or not applied pursuant to point 6.6.2.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.6.2.</p> </td> <td valign="top" > <span>By way of derogation from point 6.6.1(a), the relevant entities may choose not to apply security patches when the disadvantages of applying the security patches outweigh the cybersecurity benefits. The relevant entities shall duly document and substantiate the reasons for any such decision.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1401-14-1">6.7.   <span class="oj-italic">Network security</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.7.1.</p> </td> <td valign="top" > <span>The relevant entities shall take the appropriate measures to protect their network and information systems from cyber threats.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.7.2.</p> </td> <td valign="top" > <span>For the purpose of point 6.7.1, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">document the architecture of the network in a comprehensible and up to date manner;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">determine and apply controls to protect the relevant entities’ internal network domains from unauthorised access;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">configure controls to prevent accesses and network communication not required for the operation of the relevant entities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">determine and apply controls for remote access to network and information systems, including access by service providers;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">not use systems used for administration of the security policy implementation for other purposes;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">explicitly forbid or deactivate unneeded connections and services;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(g)</p> </td> <td valign="top" > <p class="oj-normal">where appropriate, exclusively allow access to the relevant entities’ network and information systems by devices authorised by those entities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(h)</p> </td> <td valign="top" > <p class="oj-normal">allow connections of service providers only after an authorisation request and for a set time period, such as the duration of a maintenance operation;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(i)</p> </td> <td valign="top" > <p class="oj-normal">establish communication between distinct systems only through trusted channels that are isolated using logical, cryptographic or physical separation from other communication channels and provide assured identification of their end points and protection of the channel data from modification or disclosure;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(j)</p> </td> <td valign="top" > <p class="oj-normal">adopt an implementation plan for the full transition towards latest generation network layer communication protocols in a secure, appropriate and gradual way and establish measures to accelerate such transition;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(k)</p> </td> <td valign="top" > <p class="oj-normal">adopt an implementation plan for the deployment of internationally agreed and interoperable modern e-mail communications standards to secure e-mail communications to mitigate vulnerabilities linked to e-mail-related threats and establish measures to accelerate such deployment;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(l)</p> </td> <td valign="top" > <p class="oj-normal">apply best practices for the security of the DNS, and for Internet routing security and routing hygiene of traffic originating from and destined to the network.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.7.3.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update these measures at planned intervals and when significant incidents or significant changes to operations or risks occur.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1500-14-1">6.8.   <span class="oj-italic">Network segmentation</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.8.1.</p> </td> <td valign="top" > <span>The relevant entities shall segment systems into networks or zones in accordance with the results of the risk assessment referred to in point 2.1. They shall segment their systems and networks from third parties’ systems and networks.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.8.2.</p> </td> <td valign="top" > <span>For that purpose, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">consider the functional, logical and physical relationship, including location, between trustworthy systems and services;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">grant access to a network or zone based on an assessment of its security requirements;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">keep systems that are critical to the relevant entities operation or to safety in secured zones;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">deploy a demilitarised zone within their communication networks to ensure secure communication originating from or destined to their networks;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">restrict access and communications between and within zones to those necessary for the operation of the relevant entities or for safety;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">separate the dedicated network for administration of network and information systems from the relevant entities’ operational network;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(g)</p> </td> <td valign="top" > <p class="oj-normal">segregate network administration channels from other network traffic;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(h)</p> </td> <td valign="top" > <p class="oj-normal">separate the production systems for the relevant entities’ services from systems used in development and testing, including backups.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.8.3.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update network segmentation at planned intervals and when significant incidents or significant changes to operations or risks.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1574-14-1">6.9.   <span class="oj-italic">Protection against malicious and unauthorised software</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.9.1.</p> </td> <td valign="top" > <span>The relevant entities shall protect their network and information systems against malicious and unauthorised software.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.9.2.</p> </td> <td valign="top" > <span>For that purpose, the relevant entities shall in particular implement measures that detect or prevent the use of malicious or unauthorised software. The relevant entities shall, where appropriate, ensure that their network and information systems are equipped with detection and response software, which is updated regularly in accordance with the risk assessment carried out pursuant to point 2.1 and the contractual agreements with the providers.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1593-14-1">6.10.   <span class="oj-italic">Vulnerability handling and disclosure</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.10.1.</p> </td> <td valign="top" > <span>The relevant entities shall obtain information about technical vulnerabilities in their network and information systems, evaluate their exposure to such vulnerabilities, and take appropriate measures to manage the vulnerabilities.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.10.2.</p> </td> <td valign="top" > <span>For the purpose of point 6.10.1, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">monitor information about vulnerabilities through appropriate channels, such as announcements of CSIRTs, competent authorities or information provided by suppliers or service providers;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">perform, where appropriate, vulnerability scans, and record evidence of the results of the scans, at planned intervals;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">address, without undue delay, vulnerabilities identified by the relevant entities as critical to their operations;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">ensure that their vulnerability handling is compatible with their change management, security patch management, risk management and incident management procedures;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">lay down a procedure for disclosing vulnerabilities in accordance with the applicable national coordinated vulnerability disclosure policy.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.10.3.</p> </td> <td valign="top" > <span>When justified by the potential impact of the vulnerability, the relevant entities shall create and implement a plan to mitigate the vulnerability. In other cases, the relevant entities shall document and substantiate the reason why the vulnerability does not require remediation.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">6.10.4.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update at planned intervals the channels they use for monitoring vulnerability information.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1654-14-1">7.   <span class="oj-bold">Policies and procedures to assess the effectiveness of cybersecurity risk-management measures (Article 21(2), point (f), of Directive (EU) 2022/2555)</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">7.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (f) of Directive (EU) 2022/2555, the relevant entities shall establish, implement and apply a policy and procedures to assess whether the cybersecurity risk-management measures taken by the relevant entity are effectively implemented and maintained.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">7.2.</p> </td> <td valign="top" > <span>The policy and procedures referred to in point 7.1 shall take into account results of the risk assessment pursuant to point 2.1 and past significant incidents. The relevant entities shall determine:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">what cybersecurity risk-management measures are to be monitored and measured, including processes and controls;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">when the monitoring and measuring is to be performed;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">who is responsible for monitoring and measuring the effectiveness of the cybersecurity risk-management measures;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">when the results from monitoring and measurement are to be analysed and evaluated;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">who has to analyse and evaluate these results.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">7.3.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update the policy and procedures at planned intervals and when significant incidents or significant changes to operations or risks.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1716-14-1">8.   <span class="oj-bold">Basic cyber hygiene practices and security training (Article 21(2), point (g), of Directive (EU) 2022/2555)</span> </p> <p class="oj-ti-grseq-1" id="d1e1725-14-1">8.1.   <span class="oj-italic">Awareness raising and basic cyber hygiene practices</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">8.1.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (g) of Directive (EU) 2022/2555, the relevant entities shall ensure that their employees, including members of management bodies, as well as direct suppliers and service providers are aware of risks, are informed of the importance of cybersecurity and apply cyber hygiene practices.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">8.1.2.</p> </td> <td valign="top" > <span>For the purpose of point 8.1.1, the relevant entities shall offer to their employees, including members of management bodies, as well as to direct suppliers and service providers where appropriate in accordance with point 5.1.4, an awareness raising programme, which shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">be scheduled over time, so that the activities are repeated and cover new employees;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">be established in line with the network and information security policy, topic-specific policies and relevant procedures on network and information security;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">cover relevant cyber threats, the cybersecurity risk-management measures in place, contact points and resources for additional information and advice on cybersecurity matters, as well as cyber hygiene practices for users.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">8.1.3.</p> </td> <td valign="top" > <span>The awareness raising programme shall, where appropriate, be tested in terms of effectiveness. The awareness raising programme shall be updated and offered at planned intervals taking into account changes in cyber hygiene practices, and the current threat landscape and risks posed to the relevant entities.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1769-14-1">8.2.   <span class="oj-italic">Security training</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">8.2.1.</p> </td> <td valign="top" > <span>The relevant entities shall identify employees, whose roles require security relevant skill sets and expertise, and ensure that they receive regular training on network and information system security.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">8.2.2.</p> </td> <td valign="top" > <span>The relevant entities shall establish, implement and apply a training program in line with the network and information security policy, topic-specific policies and other relevant procedures on network and information security which lays down the training needs for certain roles and positions based on criteria.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">8.2.3.</p> </td> <td valign="top" > <span>The training referred to in point 8.2.1 shall be relevant to the job function of the employee and its effectiveness shall be assessed. Training shall take into consideration security measures in place and cover the following:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">instructions regarding the secure configuration and operation of the network and information systems, including mobile devices;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">briefing on known cyber threats;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">training of the behaviour when security-relevant events occur.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">8.2.4.</p> </td> <td valign="top" > <span>The relevant entities shall apply training to staff members who transfer to new positions or roles which require security relevant skill sets and expertise.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">8.2.5.</p> </td> <td valign="top" > <span>The program shall be updated and run periodically taking into account applicable policies and rules, assigned roles, responsibilities, as well as known cyber threats and technological developments.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1823-14-1">9.   <span class="oj-bold">Cryptography (Article 21(2), point (h), of Directive (EU) 2022/2555)</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">9.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (h) of Directive (EU) 2022/2555, the relevant entities shall establish, implement and apply a policy and procedures related to cryptography, with a view to ensuring adequate and effective use of cryptography to protect the confidentiality, authenticity and integrity of data in line with the relevant entities’ asset classification and the results of the risk assessment carried out pursuant to point 2.1.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">9.2.</p> </td> <td valign="top" > <span>The policy and procedures referred to in point 9.1 shall establish:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">in accordance with the relevant entities’ classification of assets, the type, strength and quality of the cryptographic measures required to protect the relevant entities’ assets, including data at rest and data in transit;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">based on point (a), the protocols or families of protocols to be adopted, as well as cryptographic algorithms, cipher strength, cryptographic solutions and usage practices to be approved and required for use in the relevant entities, following, where appropriate, a cryptographic agility approach;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">the relevant entities’ approach to key management, including, where appropriate, methods for the following:</p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(i)</p> </td> <td valign="top" > <p class="oj-normal">generating different keys for cryptographic systems and applications;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(ii)</p> </td> <td valign="top" > <p class="oj-normal">issuing and obtaining public key certificates;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(iii)</p> </td> <td valign="top" > <p class="oj-normal">distributing keys to intended entities, including how to activate keys when received;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(iv)</p> </td> <td valign="top" > <p class="oj-normal">storing keys, including how authorised users obtain access to keys;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(v)</p> </td> <td valign="top" > <p class="oj-normal">changing or updating keys, including rules on when and how to change keys;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(vi)</p> </td> <td valign="top" > <p class="oj-normal">dealing with compromised keys;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(vii)</p> </td> <td valign="top" > <p class="oj-normal">revoking keys including how to withdraw or deactivate keys;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(viii)</p> </td> <td valign="top" > <p class="oj-normal">recovering lost or corrupted keys;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(ix)</p> </td> <td valign="top" > <p class="oj-normal">backing up or archiving keys;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(x)</p> </td> <td valign="top" > <p class="oj-normal">destroying keys;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(xi)</p> </td> <td valign="top" > <p class="oj-normal">logging and auditing of key management-related activities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(xii)</p> </td> <td valign="top" > <p class="oj-normal">setting activation and deactivation dates for keys ensuring that the keys can only be used for the specified period of time according to the organization's rules on key management.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">9.3.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update their policy and procedures at planned intervals, taking into account the state of the art in cryptography.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e1942-14-1">10.   <span class="oj-bold">Human resources security (Article 21(2), point (i), of Directive (EU) 2022/2555)</span> </p> <p class="oj-ti-grseq-1" id="d1e1951-14-1">10.1.   <span class="oj-italic">Human resources security</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">10.1.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (i) of Directive (EU) 2022/2555, the relevant entities shall ensure that their employees and direct suppliers and service providers, wherever applicable, understand and commit to their security responsibilities, as appropriate for the offered services and the job and in line with the relevant entities’ policy on the security of network and information systems.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">10.1.2.</p> </td> <td valign="top" > <span>The requirement referred to in point 10.1.1 shall include the following:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">mechanisms to ensure that all employees, direct suppliers and service providers, wherever applicable, understand and follow the standard cyber hygiene practices that the relevant entities apply pursuant to point 8.1;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">mechanisms to ensure that all users with administrative or privileged access are aware of and act in accordance with their roles, responsibilities and authorities;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">mechanisms to ensure that members of management bodies understand and act in accordance with their role, responsibilities and authorities regarding network and information system security;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">mechanisms for hiring personnel qualified for the respective roles, such as reference checks, vetting procedures, validation of certifications, or written tests.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">10.1.3.</p> </td> <td valign="top" > <span>The relevant entities shall review the assignment of personnel to specific roles as referred to in point 1.2, as well as their commitment of human resources in that regard, at planned intervals and at least annually. They shall updatethe assignment where necessary.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2001-14-1">10.2.   <span class="oj-italic">Verification of background</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">10.2.1.</p> </td> <td valign="top" > <span>The relevant entities shall ensure to the extent feasible verification of the background of their employees, and where applicable of direct suppliers and service providers in accordance with point 5.1.4, if necessary for their role, responsibilities and authorisations.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">10.2.2.</p> </td> <td valign="top" > <span>For the purpose of point 10.2.1, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">put in place criteria, which set out which roles, responsibilities and authorities shall only be exercised by persons whose background has been verified;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">ensure that verification referred to in point 10.2.1 is performed on these persons before they start exercising these roles, responsibilities and authorities, which shall take into consideration the applicable laws, regulations, and ethics in proportion to the business requirements, the asset classification as referred to in point 12.1 and the network and information systems to be accessed, and the perceived risks.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">10.2.3.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update the policy at planned intervals and update it where necessary.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2039-14-1">10.3.   <span class="oj-italic">Termination or change of employment procedures</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">10.3.1.</p> </td> <td valign="top" > <span>The relevant entities shall ensure that network and information system security responsibilities and duties that remain valid after termination or change of employment of their employees are contractually defined and enforced.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">10.3.2.</p> </td> <td valign="top" > <span>For the purpose of point 10.3.1, the relevant entities shall include in the individual’s terms and conditions of employment, contract or agreement the responsibilities and duties that are still valid after termination of employment or contract, such as confidentiality clauses.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2058-14-1">10.4.   <span class="oj-italic">Disciplinary process</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">10.4.1.</p> </td> <td valign="top" > <span>The relevant entities shall establish, communicate and maintain a disciplinary process for handling violations of network and information system security policies. The process shall take into consideration relevant legal, statutory, contractual and business requirements.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">10.4.2.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update the disciplinary process at planned intervals, and when necessary due to legal changes or significant changes to operations or risks.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2077-14-1">11.   <span class="oj-bold">Access control (Article 21(2), points (i) and (j), of Directive (EU) 2022/2555)</span> </p> <p class="oj-ti-grseq-1" id="d1e2086-14-1">11.1.   <span class="oj-italic">Access control policy</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.1.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (i) of Directive (EU) 2022/2555, the relevant entities shall establish, document and implement logical and physical access control policies for the access to their network and information systems, based on business requirements as well as network and information system security requirements.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.1.2.</p> </td> <td valign="top" > <span>The policies referred to in point 11.1.1. shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">address access by persons, including staff, visitors, and external entities such as suppliers and service providers;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">address access by network and information systems;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">ensure that access is only granted to users that have been adequately authenticated.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.1.3.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update the policies at planned intervals and when significant incidents or significant changes to operations or risks occur.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2130-14-1">11.2.   <span class="oj-italic">Management of access rights</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.2.1.</p> </td> <td valign="top" > <span>The relevant entities shall provide, modify, remove and document access rights to network and information systems in accordance with the access control policy referred to in point 11.1.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.2.2.</p> </td> <td valign="top" > <span>The relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">assign and revoke access rights based on the principles of need-to-know, least privilege and separation of duties;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">ensure that access rights are modified accordingly upon termination or change of employment;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">ensure that access to network and information systems is authorised by the relevant persons;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">ensure that access rights appropriately address third-party access, such as visitors, suppliers and service providers, in particular by limiting access rights in scope and in duration;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">maintain a register of access rights granted;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">apply logging to the management of access rights.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.2.3.</p> </td> <td valign="top" > <span>The relevant entities shall review access rights at planned intervals and shall modify them based on organisational changes. The relevant entities shall document the results of the review including the necessary changes of access rights.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2192-14-1">11.3.   <span class="oj-italic">Privileged accounts and system administration accounts</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.3.1.</p> </td> <td valign="top" > <span>The relevant entities shall maintain policies for management of privileged accounts and system administration accounts as part of the access control policy referred to in point 11.1.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.3.2.</p> </td> <td valign="top" > <span>The policies referred to in point 11.3.1 shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">establish strong identification, authentication such as multi-factor authentication, and authorisation procedures for privileged accounts and system administration accounts;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">set up specific accounts to be used for system administration operations exclusively, such as installation, configuration, management or maintenance;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">individualise and restrict system administration privileges to the highest extent possible,</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">provide that system administration accounts are only used to connect to system administration systems.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.3.3.</p> </td> <td valign="top" > <span>The relevant entities shall review access rights of privileged accounts and system administration accounts at planned intervals and be modified based on organisational changes, and shall document the results of the review, including the necessary changes of access rights.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2242-14-1">11.4.   <span class="oj-italic">Administration systems</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.4.1.</p> </td> <td valign="top" > <span>The relevant entities shall restrict and control the use of system administration systems in accordance with the access control policy referred to in point 11.1.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.4.2.</p> </td> <td valign="top" > <span>For that purpose, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">only use system administration systems for system administration purposes, and not for any other operations;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">separate logically such systems from application software not used for system administrative purposes,</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">protect access to system administration systems through authentication and encryption.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2281-14-1">11.5.   <span class="oj-italic">Identification</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.5.1.</p> </td> <td valign="top" > <span>The relevant entities shall manage the full life cycle of identities of network and information systems and their users.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.5.2.</p> </td> <td valign="top" > <span>For that purpose, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">set up unique identities for network and information systems and their users;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">link the identity of users to a single person;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">ensure oversight of identities of network and information systems;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">apply logging to the management of identities.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.5.3.</p> </td> <td valign="top" > <span>The relevant entities shall only permit identities assigned to multiple persons, such as shared identities, where they are necessary for business or operational reasons and are subject to an explicit approval process and documentation. The relevant entities shall take identities assigned to multiple persons into account in the cybersecurity risk management framework referred to in point 2.1.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.5.4.</p> </td> <td valign="top" > <span>The relevant entities shall regularly review the identities for network and information systems and their users and, if no longer needed, deactivate them without delay.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2336-14-1">11.6.   <span class="oj-italic">Authentication</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.6.1.</p> </td> <td valign="top" > <span>The relevant entities shall implement secure authentication procedures and technologies based on access restrictions and the policy on access control.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.6.2.</p> </td> <td valign="top" > <span>For that purpose, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">ensure the strength of authentication is appropriate to the classification of the asset to be accessed;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">control the allocation to users and management of secret authentication information by a process that ensures the confidentiality of the information, including advising personnel on appropriate handling of authentication information;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">require the change of authentication credentials initially, at predefined intervals and upon suspicion that the credentials were compromised;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">require the reset of authentication credentials and the blocking of users after a predefined number of unsuccessful log-in attempts;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">terminate inactive sessions after a predefined period of inactivity; and</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">require separate credentials to access privileged access or administrative accounts.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.6.3.</p> </td> <td valign="top" > <span>The relevant entities shall to the extent feasible use state-of-the-art authentication methods, in accordance with the associated assessed risk and the classification of the asset to be accessed, and unique authentication information.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.6.4.</p> </td> <td valign="top" > <span>The relevant entities shall review the authentication procedures and technologies at planned intervals.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2403-14-1">11.7.   <span class="oj-italic">Multi-factor authentication</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.7.1.</p> </td> <td valign="top" > <span>The relevant entities shall ensure that users are authenticated by multiple authentication factors or continuous authentication mechanisms for accessing the relevant entities’ network and information systems, where appropriate, in accordance with the classification of the asset to be accessed.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">11.7.2.</p> </td> <td valign="top" > <span>The relevant entities shall ensure that the strength of authentication is appropriate for the classification of the asset to be accessed.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2423-14-1">12.   <span class="oj-bold">Asset management (Article 21(2), point (i), of Directive (EU) 2022/2555)</span> </p> <p class="oj-ti-grseq-1" id="d1e2432-14-1">12.1.   <span class="oj-italic">Asset classification</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.1.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2), point (i) of Directive (EU) 2022/2555, the relevant entities shall lay down classification levels of all assets, including information, in scope of their network and information systems for the level of protection required.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.1.2.</p> </td> <td valign="top" > <span>For the purpose of point 12.1.1, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">lay down a system of classification levels for assets;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">associate all assets with a classification level, based on confidentiality, integrity, authenticity and availability requirements, to indicate the protection required according to their sensitivity, criticality, risk and business value;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">align the availability requirements of the assets with the delivery and recovery objectives set out in their business continuity and disaster recovery plans.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.1.3.</p> </td> <td valign="top" > <span>The relevant entities shall conduct periodic reviews of the classification levels of assets and update them, where appropriate.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2476-14-1">12.2.   <span class="oj-italic">Handling of assets</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.2.1.</p> </td> <td valign="top" > <span>The relevant entities shall establish, implement and apply a policy for the proper handling of assets, including information, in accordance with their network and information security policy, and shall communicate the policy on proper handling of assets to anyone who uses or handles assets.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.2.2.</p> </td> <td valign="top" > <span>The policy shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">cover the entire life cycle of the assets, including acquisition, use, storage, transportation and disposal;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">provide rules on the safe use, safe storage, safe transport, and the irretrievable deletion and destruction of the assets;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">provide that the transfer shall take place in a secure manner, in accordance with the type of asset to be transferred.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.2.3.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update the policy at planned intervals and when significant incidents or significant changes to operations or risks occur.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2520-14-1">12.3.   <span class="oj-italic">Removable media policy</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.3.1.</p> </td> <td valign="top" > <span>The relevant entities shall establish, implement and apply a policy on the management of removable storage media and communicate it to their employees and third parties who handle removable storage media at the relevant entities’ premises or other locations where the removable media is connected to the relevant entities’ network and information systems.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.3.2.</p> </td> <td valign="top" > <span>The policy shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">provide for a technical prohibition of the connection of removable media unless there is an organisational reason for their use;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">provide for disabling self-execution from such media and scanning the media for malicious code before they are used on the relevant entities’ systems;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">provide measures for controlling and protecting portable storage devices containing data while in transit and in storage;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">where appropriate, provide measures for the use of cryptographic techniques to protect data on removable storage media.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.3.3.</p> </td> <td valign="top" > <span>The relevant entities shall review and, where appropriate, update the policy at planned intervals and when significant incidents or significant changes to operations or risks occur.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2570-14-1">12.4.   <span class="oj-italic">Asset inventory</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.4.1.</p> </td> <td valign="top" > <span>The relevant entities shall develop and maintain a complete, accurate, up-to-date and consistent inventory of their assets. They shall record changes to the entries in the inventory in a traceable manner.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.4.2.</p> </td> <td valign="top" > <span>The granularity of the inventory of the assets shall be at a level appropriate for the needs of the relevant entities. The inventory shall include the following:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">the list of operations and services and their description,</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">the list of network and information systems and other associated assets supporting the relevant entities’ operations and services.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">12.4.3.</p> </td> <td valign="top" > <span>The relevant entities shall regularly review and update the inventory and their assets and document the history of changes.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2608-14-1">12.5.   <span class="oj-italic">Deposit, return or deletion of assets upon termination of employment</span> </p> <p class="oj-normal">The relevant entities shall establish, implement and apply procedures which ensure that their assets which are under custody of personnel are deposited, returned or deleted upon termination of employment, and shall document the deposit, return and deletion of those assets. Where the deposit, return or deletion of assets is not possible, the relevant entities shall ensure that the assets can no longer access the relevant entities’ network and information systems in accordance with point 12.2.2.</p> <p class="oj-ti-grseq-1" id="d1e2619-14-1">13.   <span class="oj-bold">Environmental and physical security (Article 21(2), points (c), (e) and (i) of Directive (EU) 2022/2555)</span> </p> <p class="oj-ti-grseq-1" id="d1e2628-14-1">13.1.   <span class="oj-italic">Supporting utilities</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">13.1.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2)(c) of Directive (EU) 2022/2555, the relevant entities shall prevent loss, damage or compromise of network and information systems or interruption to their operations due to the failure and disruption of supporting utilities.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">13.1.2.</p> </td> <td valign="top" > <span>For that purpose, the relevant entities shall, where appropriate:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">protect facilities from power failures and other disruptions caused by failures in supporting utilities such as electricity, telecommunications, water supply, gas, sewage, ventilation and air conditioning;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">consider the use of redundancy in utilities services;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">protect utility services for electricity and telecommunications, which transport data or supply network and information systems, against interception and damage;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">monitor the utility services referred to in point (c) and report to the competent internal or external personnel events outside the minimum and maximum control thresholds referred to in point 13.2.2(b) affecting the utility services;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(e)</p> </td> <td valign="top" > <p class="oj-normal">conclude contracts for the emergency supply with corresponding services, such as for the fuel for emergency power supply;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(f)</p> </td> <td valign="top" > <p class="oj-normal">ensure continuous effectiveness, monitor, maintain and test the supply of the network and information systems necessary for the operation of the service offered, in particular the electricity, temperature and humidity control, telecommunications and Internet connection.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">13.1.3.</p> </td> <td valign="top" > <span>The relevant entities shall test, review and, where appropriate, update the protection measures on a regular basis or following significant incidents or significant changes to operations or risks.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2690-14-1">13.2.   <span class="oj-italic">Protection against physical and environmental threats</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">13.2.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2)(e) of Directive (EU) 2022/2555, the relevant entities shall prevent or reduce the consequences of events originating from physical and environmental threats, such as natural disasters and other intentional or unintentional threats, based on the results of the risk assessment carried out pursuant to point 2.1.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">13.2.2.</p> </td> <td valign="top" > <span>For that purpose, the relevant entities shall, where appropriate:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">design and implement protection measures against physical and environmental threats;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">determine minimum and maximum control thresholds for physical and environmental threats;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">monitor environmental parameters and report to the competent internal or external personnel events outside the minimum and maximum control thresholds referred to in point (b).</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">13.2.3.</p> </td> <td valign="top" > <span>The relevant entities shall test, review and, where appropriate, update the protection measures against physical and environmental threats on a regular basis or following significant incidents or significant changes to operations or risks.</span> </td> </tr> </tbody> </table> <p class="oj-ti-grseq-1" id="d1e2734-14-1">13.3.   <span class="oj-italic">Perimeter and physical access control</span> </p> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">13.3.1.</p> </td> <td valign="top" > <span>For the purpose of Article 21(2)(i) of Directive (EU) 2022/2555, the relevant entities shall prevent and monitor unauthorised physical access, damage and interference to their network and information systems.</span> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">13.3.2.</p> </td> <td valign="top" > <span>For that purpose, the relevant entities shall:</span> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(a)</p> </td> <td valign="top" > <p class="oj-normal">on the basis of the risk assessment carried out pursuant to point 2.1, lay down and use security perimeters to protect areas where network and information systems and other associated assets are located;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(b)</p> </td> <td valign="top" > <p class="oj-normal">protect the areas referred to in point (a) by appropriate entry controls and access points;</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(c)</p> </td> <td valign="top" > <p class="oj-normal">design and implement physical security for offices, rooms and facilities,</p> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="96%"/> <tbody> <tr> <td valign="top" > <p class="oj-normal">(d)</p> </td> <td valign="top" > <p class="oj-normal">continuously monitor their premises for unauthorised physical access.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <col width="4%"/> <col width="4%"/> <col width="92%"/> <tbody> <tr> <td valign="top" /> <td valign="top" > <p class="oj-normal">13.3.3.</p> </td> <td valign="top" > <span>The relevant entities shall test, review and, where appropriate, update the physical access control measures on a regular basis or following significant incidents or significant changes to operations or risks.</span> </td> </tr> </tbody> </table> </div> </div> <hr class="oj-separator"/> <p class="oj-normal">ELI: http://data.europa.eu/eli/reg_impl/2024/2690/oj</p> <p class="oj-normal">ISSN 1977-0677 (electronic edition)</p> <hr class="oj-doc-end"/> </div> <a class="linkToTop" href="#document1">Top</a> </div> </div> </div> </div><!-- panel-body --> </div><!-- panel-collapse --> </div> <!-- panel --> <script type="text/javascript"> $(document).ready(function () { popUpWidget("./../../../../", "en", "800"); popUpWidgetAccessible("./../../../../", "EN"); }) </script> <script type="text/javascript"> $(document).ready(function () { if ("false" == "true" || "false" == "true") { initConsLegTable('To display the table of contents, zoom out or increase the size of your browser window.'); } if ("true" == "true") { initToc("false"); eliResolutionResolver("/eli/reg_impl/2024/2690/oj"); } setTimeout(function(){ loadDocState("TXT false","PP"); }, 0); $(document).trigger("enhance"); }); </script> </div> <!-- panel-group --> </div> </div> <button id="tocBtnMbl" type="button" class="js-offcanvas-trigger btn btn-default btn-sm btn-block hidden hidden-md hidden-lg" onclick="generateTOC(false, 'To display the table of contents, zoom out or increase the size of your browser window.', 'Top', 'false');" data-offcanvas-trigger="TOC-off-canvas" href="#off-canvas"> <span> <span class="fa fa-list" aria-hidden="true">&nbsp;</span> Table of contents </span> </button> <button id="tocHideBtnMbl" type="button" class="js-offcanvas-trigger btn btn-default btn-sm btn-block hidden hidden-md hidden-lg" data-offcanvas-trigger="TOC-off-canvas" href="#off-canvas" onclick="hideTOC($(this))"> <span> <span class="fa fa-list" aria-hidden="true">&nbsp;</span> Hide table of contents </span> </button> <aside id="TOC-off-canvas" class="js-offcanvas hidden-md hidden-lg" data-offcanvas-options='{"modifiers": "bottom,overlay"}'> <div class="tocWrapper"> </div> </aside> </div> </div> </div> </div> </div> <!-- New EUR-Lex footer --> <footer class="ecl-site-footer"> <div class="ecl-container ecl-site-footer__container ecl-site-footer__container-override"> <div class="ecl-site-footer__row"> <div class="ecl-site-footer__column"> <div class="ecl-site-footer__section ecl-site-footer__section--site-info"> <a href="./../../../../homepage.html" > <picture class="ecl-picture ecl-site-footer__picture" title="Back to EUR-Lex homepage"> <img class="ecl-site-footer__logo-image" src="./../../../../revamp/images/eurlex_simple.svg" onerror="this.onerror=null; this.src='./../../../../images/n/eurlex_simple.png'" alt="Back to EUR-Lex homepage" title="Back to EUR-Lex homepage"> </picture> </a> <div class="ecl-site-footer__description">This site is managed by the <a href="http://op.europa.eu/en/home" title="Publications Office of the European Union" class="ecl-link ecl-link--standalone ecl-site-footer__link">Publications Office of the European Union</a> </div> </div> </div> <div class="ecl-site-footer__column"> <div class="ecl-site-footer__section"> <h2 class="ecl-site-footer__title ecl-site-footer__title--separator">Need help?</h2> <ul class="ecl-site-footer__list"> <li class="ecl-site-footer__list-item"> <a href="./../../../../content/help.html" class="ecl-link ecl-link--standalone ecl-site-footer__link" title="Help pages" > Help pages </a> </li> <li class="ecl-site-footer__list-item"> <a href="./../../../../contact.html" class="ecl-link ecl-link--standalone ecl-site-footer__link" title="Contact" > Contact </a> </li> <li class="ecl-site-footer__list-item"> <a href="./../../../../content/site-map/site-map.html" class="ecl-link ecl-link--standalone ecl-site-footer__link" title="Sitemap" > Sitemap </a> </li> </ul> </div> <div class="ecl-site-footer__section"> <h2 class="ecl-site-footer__title ecl-site-footer__title--separator">Follow us</h2> <ul class="ecl-site-footer__list"> <li class="ecl-site-footer__list-item"> <a href="https://twitter.com/EURLex/" title="X" class="ecl-link ecl-link--standalone ecl-link--icon ecl-site-footer__link"> <img class="ecl-icon ecl-icon--m ecl-link__icon ecl-link--icon--twitter" src="./../../../../revamp/images/twitter.svg" onerror="this.onerror=null; this.src='./../../../../images/n/twitter.png'" alt="X" title="X"> <span class="ecl-link__label--twitter">X</span> </a> </li> </ul> </div> <div class="ecl-site-footer__section"> <h2 class="ecl-site-footer__title ecl-site-footer__title--separator">Legal</h2> <ul class="ecl-site-footer__list"> <li class="ecl-site-footer__list-item"> <a href="./../../../../content/legal-notice/legal-notice.html" class="ecl-link ecl-link--standalone ecl-site-footer__link" title="Legal notice" > Legal notice </a> </li> <li class="ecl-site-footer__list-item"> <a href="./../../../../content/legal-notice/legal-notice.html#5.%20Cookies%20notice" class="ecl-link ecl-link--standalone ecl-site-footer__link" title="Cookies policy" > Cookies policy </a> </li> <li class="ecl-site-footer__list-item"> <a href="./../../../../content/legal-notice/legal-notice.html#4.%20Accessibility%20statement" class="ecl-link ecl-link--standalone ecl-site-footer__link" title="Accessibility" > Accessibility </a> </li> <li class="ecl-site-footer__list-item"> <a href="./../../../../content/legal-notice/legal-notice.html#3.%20protection" class="ecl-link ecl-link--standalone ecl-site-footer__link" title="Privacy statement" > Privacy statement </a> </li> </ul> </div> </div> <div class="ecl-site-footer__column"> <div class="ecl-site-footer__section"> <h2 class="ecl-site-footer__title ecl-site-footer__title--separator">Information</h2> <ul class="ecl-site-footer__list"> <li class="ecl-site-footer__list-item"> <a href="./../../../../content/welcome/about.html" class="ecl-link ecl-link--standalone ecl-site-footer__link" title="About EUR-Lex" > About EUR-Lex </a> </li> <li class="ecl-site-footer__list-item"> <a href="./../../../../newsletter/newsletterLatest.html" class="ecl-link ecl-link--standalone ecl-site-footer__link" title="Newsletter" > Newsletter </a> </li> <li class="ecl-site-footer__list-item"> <a href="./../../../../content/links/links.html" class="ecl-link ecl-link--standalone ecl-site-footer__link" title="Useful links" > Useful links </a> </li> </ul> </div> <div class="ecl-site-footer__section"> <h2 class="ecl-site-footer__title ecl-site-footer__title--separator">Other services</h2> <ul class="ecl-site-footer__list"> <li class="ecl-site-footer__list-item"> <a href="https://data.europa.eu/euodp/en/data/" title="European Data" class="ecl-link ecl-link--standalone ecl-site-footer__link"> European Data </a> </li> <li class="ecl-site-footer__list-item"> <a href="https://ted.europa.eu/TED/main/HomePage.do" title="EU tenders" class="ecl-link ecl-link--standalone ecl-site-footer__link"> EU tenders </a> </li> <li class="ecl-site-footer__list-item"> <a href="http://cordis.europa.eu/en/" title="EU research results" class="ecl-link ecl-link--standalone ecl-site-footer__link"> EU research results </a> </li> <li class="ecl-site-footer__list-item"> <a href="http://op.europa.eu/en/web/who-is-who" title="EU Whoiswho" class="ecl-link ecl-link--standalone ecl-site-footer__link"> EU Whoiswho </a> </li> <li class="ecl-site-footer__list-item"> <a href="http://op.europa.eu/en/web/general-publications/publications" title="EU publications" class="ecl-link ecl-link--standalone ecl-site-footer__link"> EU publications </a> </li> </ul> </div> <div class="ecl-site-footer__section ecl-site-footer__section--separator"> <ul class="ecl-site-footer__list"> <li class="ecl-site-footer__list-item"> <a href="http://n-lex.europa.eu/n-lex/index?lang=en" title="N-Lex" class="ecl-link ecl-link--standalone ecl-site-footer__link"> N-Lex </a> </li> <li class="ecl-site-footer__list-item"> <a href="http://op.europa.eu/en/web/eu-law-in-force" title="EU Law in Force" class="ecl-link ecl-link--standalone ecl-site-footer__link"> EU Law in Force </a> </li> <li class="ecl-site-footer__list-item"> <a href="http://law-tracker.europa.eu/joint-legislative-portal/homepage?lang=en" title="EU Law Tracker" class="ecl-link ecl-link--standalone ecl-site-footer__link"> EU Law Tracker </a> </li> </ul> </div> </div> </div> <div class="ecl-site-footer__row"> <div class="ecl-site-footer__column"> <div class="ecl-site-footer__section"><a href="https://european-union.europa.eu/" class="ecl-link ecl-link--standalone ecl-site-footer__logo-link" aria-label="European Union"> <picture class="ecl-picture ecl-site-footer__picture" title="European Union"> <source srcset="./../../../../revamp/images/logo-eu--en.svg" media="(min-width: 996px)"><img class="ecl-site-footer__logo-image" src="./../../../../revamp/images/logo-eu--en-sm.svg" alt="European Union logo" /> </picture> </a> <div class="ecl-site-footer__description">Discover more on<a href="https://europa.eu" class="ecl-link ecl-link--standalone"> <u>europa.eu</u></a></div> </div> </div> <div class="ecl-site-footer__column"> <div class="ecl-site-footer__section"> <h2 class="ecl-site-footer__title ecl-site-footer__title--separator">Contact the EU</h2> <ul class="ecl-site-footer__list"> <li class="ecl-site-footer__list-item"><a href="tel:0080067891011" class="ecl-link ecl-link--standalone ecl-site-footer__link"> Call us 00 800 6 7 8 9 10 11</a></li> <li class="ecl-site-footer__list-item"><a href="https://european-union.europa.eu/contact-eu/call-us_en" class="ecl-link ecl-link--standalone ecl-site-footer__link"> Use other telephone options</a></li> <li class="ecl-site-footer__list-item"><a href="https://european-union.europa.eu/contact-eu/write-us_en" class="ecl-link ecl-link--standalone ecl-site-footer__link"> Write to us via our contact form</a></li> <li class="ecl-site-footer__list-item"><a href="https://european-union.europa.eu/contact-eu/meet-us_en" class="ecl-link ecl-link--standalone ecl-site-footer__link"> Meet us at one of the EU centres</a></li> </ul> </div> <div class="ecl-site-footer__section"> <h2 class="ecl-site-footer__title ecl-site-footer__title--separator">Social media</h2> <ul class="ecl-site-footer__list"> <li class="ecl-site-footer__list-item"><a href="https://european-union.europa.eu/contact-eu/social-media-channels_en#/search" class="ecl-link ecl-link--standalone ecl-site-footer__link"> Search for EU social media channels</a></li> </ul> </div> <div class="ecl-site-footer__section"> <h2 class="ecl-site-footer__title ecl-site-footer__title--separator">Legal</h2> <ul class="ecl-site-footer__list"> <li class="ecl-site-footer__list-item"><a href="https://european-union.europa.eu/languages-our-websites_en" class="ecl-link ecl-link--standalone ecl-site-footer__link">Languages on our websites</a></li> <li class="ecl-site-footer__list-item"><a href="https://european-union.europa.eu/privacy-policy_en" class="ecl-link ecl-link--standalone ecl-site-footer__link">Privacy policy</a></li> <li class="ecl-site-footer__list-item"><a href="https://european-union.europa.eu/legal-notice_en" class="ecl-link ecl-link--standalone ecl-site-footer__link">Legal notice</a></li> <li class="ecl-site-footer__list-item"><a href="https://european-union.europa.eu/cookies_en" class="ecl-link ecl-link--standalone ecl-site-footer__link">Cookies</a></li> </ul> </div> </div> <div class="ecl-site-footer__column"> <div class="ecl-site-footer__section ecl-site-footer__section"> <h2 class="ecl-site-footer__title ecl-site-footer__title--separator">EU institutions</h2> <ul class="ecl-site-footer__list"> <li class="ecl-site-footer__list-item"><a href="https://www.europarl.europa.eu/portal/" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Parliament</a></li> <li class="ecl-site-footer__list-item"><a href="https://www.consilium.europa.eu/en/european-council/" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Council</a></li> <li class="ecl-site-footer__list-item"><a href="https://www.consilium.europa.eu/en/home/" class="ecl-link ecl-link--standalone ecl-site-footer__link">Council of the European Union</a></li> <li class="ecl-site-footer__list-item"><a href="https://commission.europa.eu/index_en" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Commission</a></li> <li class="ecl-site-footer__list-item"><a href="https://curia.europa.eu/jcms/jcms/j_6/en/" class="ecl-link ecl-link--standalone ecl-site-footer__link">Court of Justice of the European Union (CJEU)</a></li> <li class="ecl-site-footer__list-item"><a href="https://www.ecb.europa.eu/home/html/index.en.html" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Central Bank (ECB)</a></li> <li class="ecl-site-footer__list-item"><a href="https://www.eca.europa.eu/en" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Court of Auditors</a></li> <li class="ecl-site-footer__list-item"><a href="https://eeas.europa.eu/headquarters/headquarters-homepage_en" class="ecl-link ecl-link--standalone ecl-site-footer__link">European External Action Service (EEAS)</a></li> <li class="ecl-site-footer__list-item"><a href="https://www.eesc.europa.eu/?i=portal.en.home" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Economic and Social Committee</a></li> <li class="ecl-site-footer__list-item"><a href="https://cor.europa.eu/en/" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Committee of Regions (CoR)</a></li> <li class="ecl-site-footer__list-item"><a href="https://www.eib.org/en/index.htm" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Investment Bank</a></li> <li class="ecl-site-footer__list-item"><a href="https://www.ombudsman.europa.eu/en/home" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Ombudsman</a></li> <li class="ecl-site-footer__list-item"><a href="https://secure.edps.europa.eu/EDPSWEB/edps/EDPS?lang=en" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Data Protection Supervisor (EDPS)</a></li> <li class="ecl-site-footer__list-item"><a href="https://edpb.europa.eu/edpb_en" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Data Protection Board</a></li> <li class="ecl-site-footer__list-item"><a href="https://epso.europa.eu/en" class="ecl-link ecl-link--standalone ecl-site-footer__link">European Personnel Selection Office</a></li> <li class="ecl-site-footer__list-item"><a href="https://op.europa.eu/en/home" class="ecl-link ecl-link--standalone ecl-site-footer__link">Publications Office of the European Union</a></li> <li class="ecl-site-footer__list-item"><a href="https://european-union.europa.eu/institutions-law-budget/institutions-and-bodies/institutions-and-bodies-profiles_en?f%5B0%5D=oe_organisation_eu_type%3Ahttp%3A//publications.europa.eu/resource/authority/corporate-body-classification/AGENCY_DEC&f%5B1%5D=oe_organisation_eu_type%3Ahttp%3A//publications.europa.eu/resource/authority/corporate-body-classification/AGENCY_EXEC&f%5B2%5D=oe_organisation_eu_type%3Ahttp%3A//publications.europa.eu/resource/authority/corporate-body-classification/EU_JU" class="ecl-link ecl-link--standalone ecl-site-footer__link">Agencies</a></li> </ul> </div> </div> </div> <a href="#" aria-label="Back to top" class="btn btn-xs btn-primary EurlexTop"><i class="fa fa-arrow-up" aria-hidden="true"></i></a> <div class="panel-footer text-center switchToDesktop"> <ul class="list-unstyled"> <li class="hide" id="switchToMobile"> <a href="#" class="OP-Nlex" onclick="createCookie(&#039;desktopModeOn&#039;,&#039;false&#039;,&#039;30&#039;);window.location.reload(true);" > Switch to mobile&nbsp;<i class="fa fa-mobile" aria-hidden="true"></i> </a> </li> <li class="hide" id="switchToDesktop"> <a href="#" class="ecl-link ecl-link--standalone ecl-site-footer__link" onclick="createCookie(&#039;desktopModeOn&#039;,&#039;true&#039;,&#039;30&#039;);window.location.reload(true);" > Switch to desktop&nbsp;<i class="fa fa-desktop" aria-hidden="true"></i> </a> </li> </ul> </div> </div> </footer> <script type="text/javascript"> $(document).ready(function () { var switchToDesktop = "notSelected"; var deviceDetected = "desktop"; //enable switch to desktop view for mobile devices if (deviceDetected == 'mobile' ){ if ((switchToDesktop == 'false' || switchToDesktop == 'notSelected') && window.innerWidth<992 ){ $("#switchToDesktop").removeClass("hide"); }else if (switchToDesktop == 'true'){ $("#switchToMobile").removeClass("hide"); } } }); </script> <script type="text/javascript" src="./../../../../js/jquery.js?v=2.17.0"></script> <script>(function($,d){$.each(readyQ,function(i,f){$(f)});$.each(bindReadyQ,function(i,f){$(d).on("ready",f)})})(jQuery,document)</script> <script type="text/javascript" src="./../../../../js/eur-lex-sanitizer.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/eur-lex.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/experimentalFeatures.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/TOC_ELI_SUBDIVISIONS.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/TOC.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/machineTranslation.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/components/vendor/moment/min/moment-with-locales.min.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/components/vendor/bootstrap/dist/js/bootstrap.min.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/components/vendor/bootstrap-3-typeahead/js/bootstrap3-typeahead_customized.min.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/js/ie10-viewport-bug-workaround.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/js/metisMenu.min.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/js/timeline.main.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/js/jquery.autoresize.min.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/js/eurlex.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/js/js-offcanvas.pkgd.min.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/compatibility-table.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/components/vendor/bootstrap/js/transition.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/components/vendor/bootstrap/js/collapse.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/components/vendor/gasparesganga-jquery-loading-overlay/src/loadingoverlay.min.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/popupWidgetTitle.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/piwik_functionality.js?v=2.17.0"></script> <script src="https://webtools.europa.eu/load.js?globan=1110" type="text/javascript"></script> <script type="text/javascript" src="./../../../../js/cookieConsentKitUtils.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/d3/d3.v7.min.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/browse-by-collection.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/d3-timeline.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/url-dynamic-util.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/pdfjs/build/pdf.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/pdfjs/build/pdf.worker.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../js/pdf-infinite-scroll.js?v=2.17.0"></script> <script type="text/javascript" src="./../../../../revamp/components/vendor/ec/eu-preset-v4.1.1/scripts/ecl-eu.js?v=2.17.0"></script> <script type="text/javascript" src="https://unpkg.com/svg4everybody@2.1.9/dist/svg4everybody.js"></script> </body> </html>