Translations:Critical Entities‘ Resilience Directive (CER)/3/en
From RI Wiki
| Scope | Key Contents | Synergies | Penalties/Consequences |
|---|---|---|---|
| critical entities (undertakings providing essential services) | Adoption of a strategy for the resilience of critical entities (Art 4 CER-D) by MS | Special rule for authorities' jurisdiction (DORA authority) regarding banking and financial market infrastructures (Art 9 para 1 CER-D) | Supervisory powers of authorities (on-site inspections, external supervisory measures, audits) (Art 21 CER-D) |
| critical infrastructure (required for providing an essential service) | Risk assessment of entities by MS (Art 5 CER-D) | The identity of critical entities identified under CER-D must also be communicated to the authority responsible for NIS2-D (Art 6 para 4 CER-D). | Information access rights (Art 21 CER-D) |
| Timeline: Transposition deadline until October 17, 2024 | Identification of critical entities by MS (Art 6 CER-D) | Special jurisdiction (NIS2 authority) regarding Digital Infrastructure (Art 9 para 1 CER-D). | Instruction to take specific measures to remedy infringements (Art 21 CER-D) |
| Exceptions: Banking, Financial Market Infrastructure, Digital Infrastructure | Risk assessment by critical entity itself (Art 12 CER-D) | Cooperation/information exchange regarding cybersecurity risks, cyber threats, and cybersecurity incidents with the NIS2 authority (Art 9 para 6 CER-D). | Fines of up to 50,000 Euros, in case of repetition up to 100,000 Euros, for failure to disclose a contact point/contact person or failure to submit the risk analysis or resilience plan (§ 22 para 1 RKEG-G) |
| | Implementation of resilience measures (Art 13 CER-D) | The Critical Entities Resilience Group shall meet at least once a year jointly with the Cooperation Group under the NIS2-D (Art 19 para 5 CER-D). | Fine of up to 7 million Euros for non-implementation of measures ordered by decision after finding that the requirements for risk analysis or resilience measures are not met or not fully met, or violations of reporting obligations (§ 22 para 2 RKEG-Draft). |
| | Reliability checks (Art 14 CER-D) | | |
| | Reporting obligations for security incidents (Art 15 CER-D) | | |