Source: OJ L, 2026/881, 20.4.2026Current language: FR
- Cyber resilience for products with digital elements
Delegated acts
- Terms and conditions for delaying notifications
Article 5 Conditions d’application des motifs ayant trait à la cybersécurité en ce qui concerne la plateforme unique de signalement
Summary What does Article 5 of the Terms and conditions for delaying notifications say?
Article 5 addresses a specific platform-level scenario that complements the earlier articles dealing with delays in notification dissemination.
Where Articles 3 and 4 focused on content sensitivity and CSIRT-specific concerns as grounds for delay, this article deals with the integrity of the single reporting platform itself.
If ENISA notifies the CSIRTs Network that the single reporting platform has suffered a cybersecurity incident that undermines its ability to keep notifications confidential, the CSIRT initially receiving the notification is permitted to hold off on disseminating via that platform until ENISA confirms confidentiality has been restored.
Important points:
- The CSIRT initially receiving the notification may delay dissemination via the single reporting platform if that platform has been compromised by a cybersecurity incident affecting confidentiality.
- ENISA acts as the trigger for both the delay and its lifting — the delay begins when ENISA informs the CSIRTs Network of the incident and ends only when ENISA confirms confidentiality has been restored.
- This provision is expressly tied to the single reporting platform established under Article 16 of Regulation (EU) 2024/2847, meaning it applies to that specific channel only.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Le CSIRT recevant initialement la notification peut décider de retarder la diffusion des notifications via la plateforme unique de signalement établie par l’article 16 du règlement (UE) 2024/2847 lorsque l’ENISA a informé le réseau des CSIRT, conformément à l’article 16, paragraphe 4, dudit règlement, que la plateforme unique de signalement a été touchée par un incident de cybersécurité remettant en cause sa capacité à garantir la confidentialité des informations notifiées. Dans un tel cas, le CSIRT recevant initialement la notification peut retarder la diffusion via la plateforme unique de signalement jusqu’à ce que l’ENISA ait informé le réseau des CSIRT que la capacité de la plateforme à garantir la confidentialité des notifications a été rétablie.
Relevant recitals
Considérant 6 Compromise of the single reporting platform
Afin d’empêcher des acteurs malveillants d’accéder à des informations sensibles, lorsque la plateforme unique de signalement établie en vertu de l’article 16 du règlement (UE) 2024/2847 a été compromise par un incident de cybersécurité, le CSIRT recevant initialement la notification devrait retarder la diffusion via la plateforme unique de signalement jusqu’à ce que la capacité de cette plateforme à garantir la confidentialité des informations notifiées ait été rétablie.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
cybersécurité
(En. cybersecurity)
Definition
CSIRT recevant initialement la notification
(En. CSIRT initially receiving the notification)
Definition
CSIRT désigné comme coordinateur
(En. CSIRT designated as coordinator)
Definition
incident