FantasticSearch

1. This Regulation lays down measures to strengthen capacities in the Union to detect, prepare for and respond to cyber threats and incidents, in particular by establishing:

(a) a pan-European network of cyber hubs (European Cybersecurity Alert System) to build and enhance coordinated detection and common situational awareness capabilities;

(b) a Cybersecurity Emergency Mechanism to support Member States in preparing for, responding to, mitigating the impact of and initiating recovery from significant cybersecurity incidents and large-scale cybersecurity incidents and to support other users in responding to significant cybersecurity incidents and large-scale-equivalent cybersecurity incidents;

(c) a European Cybersecurity Incident Review Mechanism to review and assess significant cybersecurity incidents or large-scale cybersecurity incidents.

2. This Regulation pursues the general objectives of reinforcing the competitive position of industry and services in the Union across the digital economy, including microenterprises and small and medium-sized enterprises as well as start-ups, and of contributing to the Union’s technological sovereignty and open strategic autonomy in the area of cybersecurity, including by boosting innovation in the Digital Single Market. It pursues those objectives by strengthening solidarity at Union level, reinforcing the cybersecurity ecosystem, enhancing Member States’ cyber resilience and developing the skills, knowhow, abilities and competencies of the workforce in relation to cybersecurity.

3. The achievement of the general objectives referred to in paragraph 2 shall be pursued through the following specific objectives:

(a) to strengthen common coordinated Union detection capacities and common situational awareness of cyber threats and incidents;

(b) to reinforce preparedness of entities operating in sectors of high criticality or entities operating in other critical sectors across the Union and strengthen solidarity by developing coordinated preparedness testing and enhanced response and recovery capacities to handle significant cybersecurity incidents, large-scale cybersecurity incidents or large-scale-equivalent cybersecurity incidents, including the possibility of making Union cybersecurity incident response support available for DEP-associated third countries;

(c) to enhance the Union’s resilience and contribute to effective incident response by reviewing and assessing significant cybersecurity incidents or large-scale cybersecurity incidents, including drawing lessons learned and, where appropriate, recommendations.

4. The actions under this Regulation shall be conducted with due respect to the Member States’ competences and shall be complementary to the activities carried out by the CSIRTs network, EU-CyCLONe and the NIS Cooperation Group.

5. This Regulation is without prejudice to the Member States’ essential State functions, including ensuring the territorial integrity of the State, maintaining law and order and safeguarding national security. In particular, national security remains the sole responsibility of each Member State.

6. The sharing or exchange of information under this Regulation that is confidential pursuant to Union or national rules shall be limited to that which is relevant and proportionate to the purpose of that sharing or exchange. Such sharing or exchange of information shall preserve the confidentiality of the information, and protect the security and commercial interests of the entities concerned. It shall not entail the supply of information the disclosure of which would be contrary to the Member States’ essential interests of national security, public security or defence.