1 Matching Annotations
- Oct 2023
In Council, Member States’ representatives (Coreper) reached a common position on 19 July 2023, allowing the Council to enter in negotiations with the European Parliament. Council notably removed the notion of "critical" from products with digital elements and deleted a substantial number of the products listed in the Annex III. Council introduced three categories of products, critical for essential entities as defined by the NIS2, that would fall under mandatory European cybersecurity certification by means of a delegated act. The Council moved the reporting of cybersecurity incidents and actively exploitable vulnerabilities from ENISA to the national Computer Security Incident Response Teams (CSIRTs) in a two-step process of an initial notification after 24 hours and a second one after 72 hours. Council proposes to postpone the application of the regulation to 36 months.
EP remarks on the changes made by Council in their proposal. Also note link to NIS2 and CSA.