F1CHAPTER IIIaSECURITY AND INTEGRITY OF NETWORKS AND SERVICES
Article 13bImplementation and enforcement
1.
Member States shall ensure that in order to implement Article 13a, competent national regulatory authorities have the power to issue binding instructions, including those regarding time limits for implementation, to undertakings providing public communications networks or publicly available electronic communications services.
2.
Member States shall ensure that competent national regulatory authorities have the power to require undertakings providing public communications networks or publicly available electronic communications services to:
(a)
provide information needed to assess the security and/or integrity of their services and networks, including documented security policies; and
(b)
submit to a security audit carried out by a qualified independent body or a competent national authority and make the results thereof available to the national regulatory authority. The cost of the audit shall be paid by the undertaking.
3.
Member States shall ensure that national regulatory authorities have all the powers necessary to investigate cases of non-compliance and the effects thereof on the security and integrity of the networks.
4.
These provisions shall be without prejudice to Article 3 of this Directive.