TABLE OF CONTENTS
ANNEX ..................................................................................................................................................... 4
1. Introduction. ........................................................................................................................................ 4
2. National strategy on security of network and information systems. .................................................. 5
2.1. The scope of the national strategy. .......................................................................................... 5
2.2. Content and procedure for adoption of the national strategies.............................................. 6
2.3. Process and issues to be addressed. ........................................................................................ 6
2.4. Concrete steps that Member States must undertake before the transposition deadline. ...... 8
3. NIS Directive: National competent authorities, single contact points and Computer Security
Incident Response Teams (CSIRTs). ....................................................................................................... 10
3.1. Type of authorities. ................................................................................................................ 11
3.2 Publicity and additional relevant aspects. ............................................................................... 11
3.3. NIS Directive, Article 9: Computer Security Incident Response Teams (CSIRTs).................... 17
3.4. Tasks and requirements. ........................................................................................................ 17
3.5. Assistance for the development of CSIRTS. ............................................................................ 18
3.6. The role of the single point of contact. .................................................................................. 18
3.7. Penalties. ................................................................................................................................ 19
4.1. Operators of essential services (OES). ........................................................................................ 20
4.1.1. Type of entities listed in NIS Directive Annex II................................................................... 20
4.1.2. Identification of operators of essential services. ................................................................ 22
4.1.3. Inclusion of additional sectors............................................................................................. 23
4.1.4. Jurisdiction........................................................................................................................... 24
4.1.5. Information to be submitted to the Commission. .............................................................. 24
4.1.6. How to carry out the identification process? ...................................................................... 25
4.1.7. Cross-border consultation process...................................................................................... 30
4.2. Security requirements. ............................................................................................................... 30
4.3 Notification requirements. .......................................................................................................... 30
4.4. NIS Directive, Annex III: Digital Service Providers. ..................................................................... 31
4.4.1. Categories of DSPs. .............................................................................................................. 31
4.4.2. Security requirements. ........................................................................................................ 34
4.4.3. Notification requirements. .................................................................................................. 34
4.4.4. Risk-based regulatory approach. ......................................................................................... 35
4.4.5. Jurisdiction........................................................................................................................... 35
2