Translations:Network and Information Security Directive (NIS2-RL)/131/en

Aus RI Wiki
Version vom 3. Juni 2025, 11:49 Uhr von Jhospes (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „Important entities are required under § 34 NISG to report any significant cybersecurity incident to their competent sectoral CSIRT, or otherwise to the national CSIRT without delay. In assessing whether an incident qualifies as significant, § 35(2)(b) NISG states that possible effects on public order, security, public health, or the health of the population or large groups must be taken into account.As NisExperts AG provides critical services to several…“)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springenZur Suche springen

Important entities are required under § 34 NISG to report any significant cybersecurity incident to their competent sectoral CSIRT, or otherwise to the national CSIRT without delay. In assessing whether an incident qualifies as significant, § 35(2)(b) NISG states that possible effects on public order, security, public health, or the health of the population or large groups must be taken into account.As NisExperts AG provides critical services to several hospitals, and the outage triggered the activation of emergency plans, this likely constitutes a significant cybersecurity incident under § 35 NISG.

According to Article 8 of Implementing Regulation (EU) 2024/2690, a significant incident occurs when the availability of a data centre service operated by the provider is impaired for more than one hour. This condition is met, and thus the event qualifies as a significant incident.

In the absence of a sector-specific CSIRT, NisExperts AG reports the incident to the national CSIRT (cert.at) in accordance with § 34 NISG as follows:

Abgerufen von „https://wiki.atlaws.eu/index.php?title=Translations:Network_and_Information_Security_Directive_(NIS2-RL)/131/en&oldid=3596