In order to achieve a high common level of digital operational resilience, this Regulation lays down uniform requirements concerning the beveiliging van netwerk- en informatiesystemenBeveiliging van netwerk- en informatiesystemen Het vermogen van netwerk- en informatiesystemen om met een gegeven mate van betrouwbaarheid bestand te zijn tegen gebeurtenissen die de beschikbaarheid, authenticiteit, integriteit of vertrouwelijkheid van opgeslagen, verzonden of verwerkte gegevens of van de diensten die door deze netwerk- en informatiesystemen worden aangeboden of via deze toegankelijk zijn, in gevaar kunnen brengen. Definitie volgens artikel 6 van Richtlijn (EU) 2022/2555 (NIS2-richtlijn) supporting the business processes of financial entities as follows:
(a) requirements applicable to financial entities in relation to:
(i) information and communication technology (ICT) risicoRisico Betekent de kans op verlies of verstoring veroorzaakt door een incident en moet worden uitgedrukt als een combinatie van de omvang van een dergelijk verlies of verstoring en de waarschijnlijkheid dat het incident zich voordoet. Definitie volgens artikel 6 van Richtlijn (EU) 2022/2555 (NIS2-richtlijn) management;
(ii) reporting of major ICT-related incidents and notifying, on a voluntary basis, significant cyber threats to the competent authorities;
(iii) reporting of major operational or security payment-related incidents to the competent authorities by financial entities referred to in Article 2(1), points (a) to (d);
(iv) digital operational resilience testing;
(v) information and intelligence sharing in relation to cyber threats and vulnerabilities;
(vi) measures for the sound management of ICT third-party risk;
(b) requirements in relation to the contractual arrangements concluded between ICT third-party service providers and financial entities;
(c) rules for the establishment and conduct of the Oversight Framework for critical ICT third-party service providers when providing services to financial entities;
(d) rules on cooperation among competent authorities, and rules on supervision and enforcement by competent authorities in relation to all matters covered by this Regulation.
This Regulation is without prejudice to the responsibility of Member States’ regarding essential State functions concerning public security, defence and national security in accordance with Union law.
In relation to financial entities identified as essential or important entities pursuant to national rules transposing Article 3 of Directive (EU) 2022/2555, this Regulation shall be considered a sector-specific Union legal act for the purposes of Article 4 of that Directive.