News
24-07-2024
CENTR has issued a Board statement to provided feedback to the European Commission’s Draft implementing regulation of the NIS 2 Directive.
As entities that are directly targeted by the provisions of the European Commission’s Draft implementing regulation laying down rules for the application of the NIS 2 Directive, CENTR members provide feedback and express their concerns in regards to cybersecurity risk management and reporting obligations for digital infrastructure under the regulation.
CENTR would like to draw the European Commission’s attention to the following areas of concern:
- In order to provide legal clarity for essential entities, and ensure manageability of handling incident reporting for CSIRTs and competent authorities, CENTR calls for keeping Article 3 as focused as possible. A voluntary reporting mechanism available in NIS 2 Directive will provide necessary leverage for more ambiguous situations and facilitate cooperation between CSIRTs and essential entities.
- CENTR calls for further clarifications in Articles 5 and 6 regarding disruptions of authoritative domain name resolution service that should only include situations under control of the affected entity, within their managed network systems.
- In order to avoid the overlap of competence between authorities, CENTR calls for narrowing down a significant incident criteria in Article 6(c) to cover breaches of the integrity, confidentiality or authenticity of stored, transmitted or processed data in relation to technical operation of the TLD under the definition provided in the NIS 2 Directive.
- CENTR calls for including a reasonable and uniform transition period for compliance with the mandatory cybersecurity risk management measures in Annex.