keyboard_tab Cyber Resilience Act 2023/2841 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- 1 Art. 1 Subject matter
- 2 Art. 2 Scope
- 4 Art. 3 Definitions
- 2 Art. 4 Processing of personal data
- 1 Art. 6 Cybersecurity risk-management, governance and control framework
- 1 Art. 7 Cybersecurity maturity assessments
- 4 Art. 8 Cybersecurity risk-management measures
- 4 Art. 11 Tasks of the IICB
- 3 Art. 12 Compliance
- 13 Art. 13 CERT-EU mission and tasks
- 3 Art. 14 Guidelines, recommendations and calls for action
- 1 Art. 15 Head of CERT-EU
- 1 Art. 16 Financial and staffing matters
- 8 Art. 17 Cooperation of CERT-EU with Member State counterparts
- 7 Art. 18 Cooperation of CERT-EU with other counterparts
- 2 Art. 19 information handling
- 9 Art. 20 Cybersecurity information-sharing arrangements
- 10 Art. 21 Reporting obligations
- 3 Art. 22 Incident response coordination and cooperation
- 3 Art. 23 Management of major incidents
- 1 Art. 25 Review
- Article 26 Entry into force
CHAPTER I
GENERAL PROVISIONS
CHAPTER II
MEASURES FOR A HIGH COMMON LEVEL OF CYBERSECURITY
CHAPTER III
INTERINSTITUTIONAL CYBERSECURITY BOARD
CHAPTER IV
CERT-EU
CHAPTER V
COOPERATION AND REPORTING OBLIGATIONS
CHAPTER VI
FINAL PROVISIONS
- Union entities
- network andinformation system
- security of network andinformation systems
- cybersecurity
- highest level of management
- near miss
- incident
- major incident
- large-scale cybersecurity incident
- incident handling
- cyber threat
- significant cyber threat
- vulnerability
- cybersecurity risk
- cloud computing service
- shall 148
- cybersecurity 111
- cert-eu 107
- union 106
- article 100
- union_entities 75
- entity 69
- regulation 59
- european 58
- information 57
- iicb 49
- incident 48
- pursuant 42
- eu / 38
- including 38
- incidents 38
- measures 32
- level 32
- point 29
- no / 29
- basis 27
- implementation 27
- management 27
- directive 27
- referred 26
- council 26
- service 25
- parliament 24
- cooperation 23
- the 23
- concerned 23
- applicable 23
- without 23
- relevant 23
- within 23
- report 22
- from 22
- such 22
- means 22
- cert-eu 21
- head 21
- appropriate 21
- significant 20
- commission 20
- services 18
- security 18
- response 18
- data 18
- recommendations 18
- into 18
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Strasbourg, 13 December 2023.
For the European Parliament
The President
R. METSOLA
For the Council
The President
P. NAVARRO RÍOS
(1) Position of the European Parliament of 21 November 2023 (not yet published in the Official Journal) and decision of the Council of 8 December 2023.
(2) Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (OJ L 333, 27.12.2022, p. 80).
(3) Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15).
(4) Arrangement between the European Parliament, the European Council, the Council of the European Union, the European Commission, the Court of Justice of the European Union, the European Central Bank, the European Court of Auditors, the European External Action Service, the European Economic and Social Committee, the European Committee of the Regions and the European Investment Bank on the organisation and operation of a computer emergency response team for the Union’s institutions, bodies and agencies (CERT-EU) (OJ C 12, 13.1.2018, p. 1).
(5) Regulation (EEC, Euratom, ECSC) No 259/68 of the Council of 29 February 1968 laying down the Staff Regulations of Officials and the Conditions of Employment of Other Servants of the European Communities and instituting special measures temporarily applicable to officials of the Commission (OJ L 56, 4.3.1968, p. 1).
(6) Commission Recommendation (EU) 2017/1584 of 13 September 2017 on coordinated response to large-scale cybersecurity incidents and crises (OJ L 239, 19.9.2017, p. 36).
(7) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
(8) OJ C 258, 5.7.2022, p. 10.
(9) Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012 (OJ L 193, 30.7.2018, p. 1).
(10) Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).
ELI: http://data.europa.eu/eli/reg/2023/2841/oj
ISSN 1977-0677 (electronic edition)