Commission Delegated Regulation (EU) 2024/1366 of 11 March 2024 supplementing Reg... (32024R1366)
INHALT
Commission Delegated Regulation (EU) 2024/1366 of 11 March 2024 supplementing Regulation (EU) 2019/943 of the European Parliament and of the Council by establishing a network code on sector-specific rules for cybersecurity aspects of cross-border electricity flows
- COMMISSION DELEGATED REGULATION (EU) 2024/1366
- of 11 March 2024
- supplementing Regulation (EU) 2019/943 of the European Parliament and of the Council by establishing a network code on sector-specific rules for cybersecurity aspects of cross-border electricity flows
- (Text with EEA relevance)
- CHAPTER I
- GENERAL PROVISIONS
- Article 1
- Subject matter
- Article 2
- Scope
- Article 3
- Definitions
- Article 4
- Competent authority
- Article 5
- Cooperation between relevant authorities and bodies at national level
- Article 6
- Terms and conditions or methodologies or plans
- Article 7
- Voting rules in the TSOs
- Article 8
- Submission of proposals to the competent authorities
- Article 9
- Consultation
- Article 10
- Stakeholder involvement
- Article 11
- Recovery of costs
- Article 12
- Monitoring
- Article 13
- Benchmarking
- Article 14
- Agreements with TSOs from outside the Union
- Article 15
- Legal representatives
- Article 16
- Cooperation between the ENTSO for Electricity and the EU DSO Entity
- Article 17
- Cooperation between ACER and the competent authorities
- CHAPTER II
- RISK ASSESSMENT AND IDENTIFICATION OF THE RELEVANT CYBERSECURITY RISKS
- Article 18
- Cybersecurity risk assessment methodologies
- Article 19
- Union-wide cybersecurity risk assessment
- Article 20
- Member State cybersecurity risk assessment
- Article 21
- Regional cybersecurity risk assessments
- Article 22
- Regional cybersecurity risk mitigation plans
- Article 23
- Comprehensive cross-border electricity cybersecurity risk assessment report
- Article 24
- Identification of high-impact and critical-impact entities
- Article 25
- National verification schemes
- Article 26
- Cybersecurity risk management at entity level
- Article 27
- Reporting on the risk assessment at entity level
- CHAPTER III
- COMMON ELECTRICITY CYBERSECURITY FRAMEWORK
- Article 28
- Composition, functioning and review of the common electricity cybersecurity framework
- Article 29
- Minimum and advanced cybersecurity controls
- Article 30
- Derogations from the minimum and advanced cybersecurity controls
- Article 31
- Verification of the common electricity cybersecurity framework
- Article 32
- Cybersecurity management system
- Article 33
- Minimum and advanced cybersecurity controls in the supply chain
- Article 34
- Mapping matrix for electricity cybersecurity controls against standards
- CHAPTER IV
- CYBERSECURITY PROCUREMENT RECOMMENDATIONS
- Article 35
- Cybersecurity procurement recommendations
- Article 36
- Guidance on use of European cybersecurity certification schemes for procurement of ICT products, ICT services and ICT processes
- CHAPTER V
- INFORMATION FLOWS, CYBER-ATTACKS AND CRISIS MANAGEMENT
- Article 37
- Rules on information sharing
- Article 38
- Role of high-impact and critical-impact entities as regards information sharing
- Article 39
- Detection of cyber-attacks and handling of related information
- Article 40
- Crisis management
- Article 41
- Cybersecurity crisis management and response plans
- Article 42
- Cybersecurity early alert capabilities for the electricity sector
- CHAPTER VI
- ELECTRICITY CYBERSECURITY EXERCISE FRAMEWORK
- Article 43
- Cybersecurity exercises at entity and Member State levels
- Article 44
- Regional or cross regional cybersecurity exercises
- Article 45
- Outcome of cybersecurity exercises at entity, Member State, regional or cross regional levels
- CHAPTER VII
- PROTECTION OF INFORMATION
- Article 46
- Principles for the protection of exchanged information
- Article 47
- Confidentiality of information
- CHAPTER VIII
- FINAL PROVISIONS
- Article 48
- Temporary provisions
- Article 49
- Entry into force
Feedback