Artikel 25 Standardisering

Summary What does Article 25 of the NIS 2 directive say?

This article serves as a supporting provision to Article 21, which sets out the core cybersecurity risk-management obligations for essential and important entities.

Rather than mandating specific technical solutions, it focuses on encouraging a consistent approach to implementing those obligations across Member States through the use of European and international standards and technical specifications.

ENISA is given a practical role here, tasked with producing advice and guidelines to help identify relevant technical areas and existing standards that can assist in that convergence.

Important points:

Member States must encourage the use of European and international standards for network and information system security, without favouring any particular technology.
ENISA is required to draw up advice and guidelines on relevant technical areas and existing standards, including national standards, in cooperation with Member States.
This article directly supports the implementation of the cybersecurity risk-management measures laid out in Article 21.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

1. För att främja en enhetlig tillämpning av artikel 21.1 och 21.2 ska medlemsstaterna, utan att föreskriva eller gynna användning av en viss typ av teknik, uppmuntra användningen av europeiska och internationella standarder och tekniska specifikationer av relevans för säkerheten i nätverks- och informationssystem.
1. Enisa ska i samarbete med medlemsstaterna och, när så är lämpligt, efter samråd med relevanta intressenter, utarbeta råd och riktlinjer för de tekniska områden som ska beaktas när det gäller punkt 1 samt för redan befintliga standarder, inklusive nationella standarder, som skulle göra det möjligt att täcka dessa områden.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.