Cyber Resilience Act 2023/2841
Article 10
Interinstitutional Cybersecurity Board
1. An Interinstitutional Cybersecurity Board (IICB) is hereby established.
2. The IICB shall be responsible for:
(a) monitoring and supporting the implementation of this Regulation by the Union entities;
(b) supervising the implementation of general priorities and objectives by CERT-EU and providing strategic direction to CERT-EU.
3. The IICB shall consist of:
(a) one representative designated by each of the following:
(b) three representatives designated by the EU Agencies Network (EUAN) on the basis of a proposal by its ICT Advisory Committee to represent the interests of the bodies, offices and agencies of the Union that run their own ICT environment, other than those referred to in point (a).
The Union entities represented on the IICB shall aim to achieve gender balance among the designated representatives.
4. Members of the IICB may be assisted by an alternate. Other representatives of the Union entities referred to in paragraph 3 or of other Union entities may be invited by the Chair to attend IICB meetings without voting power.
5. The Head of CERT-EU and the Chairs of the Cooperation Group, the CSIRTs network and EU-CyCLONe established, respectively, pursuant to Articles 14, 15 and 16 of Directive (EU) 2022/2555, or their alternates, may participate in IICB meetings as observers. In exceptional cases, the IICB may, in accordance with its internal rules of procedure, decide otherwise.
6. The IICB shall adopt its internal rules of procedure.
7. The IICB shall designate a Chair in accordance with its internal rules of procedure, from among its members for a period of three years. The Chair’s alternate shall become a full member of the IICB for the same duration.
8. The IICB shall meet at least three times a year at the initiative of its Chair, at the request of CERT-EU or at the request of any of its members.
9. Each member of the IICB shall have one vote. The IICB’s decisions shall be taken by simple majority except where otherwise provided for in this Regulation. The Chair of the IICB shall not have a vote except in the event of a tied vote, in which case the Chair may cast a deciding vote.
10. The IICB may act by means of a simplified written procedure initiated in accordance with its internal rules of procedure. Under that procedure, the relevant decision shall be deemed to be approved within the timeframe set by the Chair, except where a member objects.
11. The secretariat of the IICB shall be provided by the Commission and shall be accountable to the Chair of the IICB.
12. The representatives nominated by the EUAN shall relay the IICB’s decisions to the members of the EUAN. Any member of the EUAN shall be entitled to raise with those representatives or the Chair of the IICB any matter which it considers should be brought to the IICB’s attention.
13. The IICB may establish an executive committee to assist it in its work, and delegate some of its tasks and powers to it. The IICB shall lay down the rules of procedure of the executive committee, including its tasks and powers, and the terms of office of its members.
14. By 8 January 2025 and on an annual basis thereafter, the IICB shall submit a report to the European Parliament and to the Council detailing progress made with the implementation of this Regulation and specifying in particular the extent of cooperation of CERT-EU with Member State counterparts in each of the Member States. The report shall constitute an input to the biennial report on the state of cybersecurity in the Union adopted pursuant to Article 18 of Directive (EU) 2022/2555.