Source: OJ L, 2026/881, 20.4.2026Current language: FR
- Cyber resilience for products with digital elements
Delegated acts
- Terms and conditions for delaying notifications
Article 2 Définitions
Summary What does Article 2 of the Terms and conditions for delaying notifications say?
This is a definitions article, establishing the precise meaning of two key terms used throughout the Regulation.
Rather than introducing substantive obligations, it sets the terminological foundation that underpins the operative provisions — particularly those in Articles 3, 4, and 5 — which govern when and how the dissemination of vulnerability notifications may be delayed.
Both definitions are anchored in existing legal frameworks, specifically Directive (EU) 2022/2555 and Regulation (EU) 2024/2847, ensuring consistency across the broader EU cybersecurity legislative landscape.
Important points:
- The "CSIRT initially receiving the notification" refers to the designated coordinator CSIRT that first receives a vulnerability notification under Regulation (EU) 2024/2847 — this is the body that holds the power to delay dissemination under the Regulation.
- The "relevant CSIRT" is defined as the designated coordinator CSIRT covering the territory where the manufacturer has indicated the product with digital elements has been made available — establishing which CSIRTs are entitled to receive disseminated notifications.
- Both definitions rely on the designation mechanism set out in Article 12(1) of Directive (EU) 2022/2555, tying this Regulation firmly to the broader NIS2 framework.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Aux fins du présent règlement, on entend par:
«CSIRT recevant initialement la notification»: le CSIRT désigné comme coordinateur qui reçoit initialement la notification conformément à l’article 14, paragraphes 1 et 3, et à l’article 15, paragraphes 1 et 2, du règlement (UE) 2024/2847;
«CSIRT concerné»: le CSIRT désigné comme coordinateur sur le territoire duquel le fabricant a indiqué que le produit comportant des éléments numériques a été mis à disposition.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
CSIRT recevant initialement la notification
(En. CSIRT initially receiving the notification)
Definition
CSIRT concerné
(En. relevant CSIRT)
Definition
CSIRT désigné comme coordinateur
(En. CSIRT designated as coordinator)
Definition
composant
(En. component)
Definition
logiciel
(En. software)
Definition
produit comportant des éléments numériques
(En. product with digital elements)
Definition
fabricant
(En. manufacturer)
Definition
système d’information électronique
(En. electronic information system)
Definition
traitement de données à distance
(En. remote data processing)