Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union

This is a legislation item that originated from the EU

After exit day there will be three versions of this legislation to consult for different purposes. The legislation.gov.uk version is the version that applies in the UK. The EU version currently on EUR-Lex is the version that currently applies in the EU, i.e. you may need this if you operate a business in the EU.

The web archive version is the official version of this legislation item as it stood on exit day before being published to legislation.gov.uk and any subsequent UK changes and effects applied. The web archive also captured associated case law and other language formats from EUR-Lex.

Changes over time for: Directive (EU) 2016/1148 of the European Parliament and of the Council (Annexes only)

Status:

EU Directives are being published on this site to aid cross referencing from UK legislation. After IP completion day (31 December 2020 11pm) no further amendments will be applied to this version.

ANNEX I (U.K.) REQUIREMENTS AND TASKS OF COMPUTER SECURITY INCIDENT RESPONSE TEAMS (CSIRTs)

The requirements and tasks of CSIRTs shall be adequately and clearly defined and supported by national policy and/or regulation. They shall include the following:

(1) Requirements for CSIRTs:

    (a) CSIRTs shall ensure a high level of availability of their communications services by avoiding single points of failure, and shall have several means for being contacted and for contacting others at all times. Furthermore, the communication channels shall be clearly specified and well known to the constituency and cooperative partners.

    (b) CSIRTs' premises and the supporting information systems shall be located in secure sites.

    (c) Business continuity:

        (i) CSIRTs shall be equipped with an appropriate system for managing and routing requests, in order to facilitate handovers.

        (ii) CSIRTs shall be adequately staffed to ensure availability at all times.

        (iii) CSIRTs shall rely on an infrastructure the continuity of which is ensured. To that end, redundant systems and backup working space shall be available.

    (d) CSIRTs shall have the possibility to participate, where they wish to do so, in international cooperation networks.

(2) CSIRTs' tasks:

    (a) CSIRTs' tasks shall include at least the following:

        (i) monitoring incidents at a national level;

        (ii) providing early warning, alerts, announcements and dissemination of information to relevant stakeholders about risks and incidents;

        (iii) responding to incidents;

        (iv) providing dynamic risk and incident analysis and situational awareness;

        (v) participating in the CSIRTs network.

    (b) CSIRTs shall establish cooperation relationships with the private sector.

    (c) To facilitate cooperation, CSIRTs shall promote the adoption and use of common or standardised practices for:

        (i) incident and risk-handling procedures;

        (ii) incident, risk and information classification schemes.

ANNEX II (U.K.) TYPES OF ENTITIES FOR THE PURPOSES OF POINT (4) OF ARTICLE 4

[a] Directive 2009/72/EC of the European Parliament and of the Council of 13 July 2009 concerning common rules for the internal market in electricity and repealing Directive 2003/54/EC (OJ L 211, 14.8.2009, p. 55).

[b] Directive 2009/73/EC of the European Parliament and of the Council of 13 July 2009 concerning common rules for the internal market in natural gas and repealing Directive 2003/55/EC (OJ L 211, 14.8.2009, p. 94).

[c] Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March 2008 on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002 (OJ L 97, 9.4.2008, p. 72).

[d] Directive 2009/12/EC of the European Parliament and of the Council of 11 March 2009 on airport charges (OJ L 70, 14.3.2009, p. 11).

[e] Regulation (EU) No 1315/2013 of the European Parliament and of the Council of 11 December 2013 on Union guidelines for the development of the trans–European transport network and repealing Decision No 661/2010/EU (OJ L 348, 20.12.2013, p. 1).

[f] Regulation (EC) No 549/2004 of the European Parliament and of the Council of 10 March 2004 laying down the framework for the creation of the single European sky (the framework Regulation) (OJ L 96, 31.3.2004, p. 1).

[g] Directive 2012/34/EU of the European Parliament and of the Council of 21 November 2012 establishing a single European railway area (OJ L 343, 14.12.2012, p. 32).

[h] Regulation (EC) No 725/2004 of the European Parliament and of the Council of 31 March 2004 on enhancing ship and port facility security (OJ L 129, 29.4.2004, p. 6).

[i] Directive 2005/65/EC of the European Parliament and of the Council of 26 October 2005 on enhancing port security (OJ L 310, 25.11.2005, p. 28).

[j] Directive 2002/59/EC of the European Parliament and of the Council of 27 June 2002 establishing a Community vessel traffic monitoring and information system and repealing Council Directive 93/75/EEC (OJ L 208, 5.8.2002, p. 10).

[l] Commission Delegated Regulation (EU) 2015/962 of 18 December 2014 supplementing Directive 2010/40/EU of the European Parliament and of the Council with regard to the provision of EU–wide real–time traffic information services (OJ L 157, 23.6.2015, p. 21).

[k] Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport (OJ L 207, 6.8.2010, p. 1).

[m] Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1).

[n] Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).

[o] Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties and trade repositories (OJ L 201, 27.7.2012, p. 1).

[p] Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients' rights in cross–border healthcare (OJ L 88, 4.4.2011, p. 45).

[q] Council Directive 98/83/EC of 3 November 1998 on the quality of water intended for human consumption (OJ L 330, 5.12.1998, p. 32).

Sector / Subsector / Type of entity

1. Energy

    (a) Electricity

      • Electricity undertakings as defined in point (35) of Article 2 of Directive 2009/72/EC of the European Parliament and of the Council [a], which carry out the function of ‘supply’ as defined in point (19) of Article 2 of that Directive
      • Distribution system operators as defined in point (6) of Article 2 of Directive 2009/72/EC
      • Transmission system operators as defined in point (4) of Article 2 of Directive 2009/72/EC

    (b) Oil

      • Operators of oil transmission pipelines
      • Operators of oil production, refining and treatment facilities, storage and transmission

    (c) Gas

      • Supply undertakings as defined in point (8) of Article 2 of Directive 2009/73/EC of the European Parliament and of the Council [b]
      • Distribution system operators as defined in point (6) of Article 2 of Directive 2009/73/EC
      • Transmission system operators as defined in point (4) of Article 2 of Directive 2009/73/EC
      • Storage system operators as defined in point (10) of Article 2 of Directive 2009/73/EC
      • LNG system operators as defined in point (12) of Article 2 of Directive 2009/73/EC
      • Natural gas undertakings as defined in point (1) of Article 2 of Directive 2009/73/EC
      • Operators of natural gas refining and treatment facilities

2. Transport

    (a) Air transport

      • Air carriers as defined in point (4) of Article 3 of Regulation (EC) No 300/2008 of the European Parliament and of the Council [c]
      • Airport managing bodies as defined in point (2) of Article 2 of Directive 2009/12/EC of the European Parliament and of the Council [d], airports as defined in point (1) of Article 2 of that Directive, including the core airports listed in Section 2 of Annex II to Regulation (EU) No 1315/2013 of the European Parliament and of the Council [e], and entities operating ancillary installations contained within airports
      • Traffic management control operators providing air traffic control (ATC) services as defined in point (1) of Article 2 of Regulation (EC) No 549/2004 of the European Parliament and of the Council [f]

    (b) Rail transport

      • Infrastructure managers as defined in point (2) of Article 3 of Directive 2012/34/EU of the European Parliament and of the Council [g]
      • Railway undertakings as defined in point (1) of Article 3 of Directive 2012/34/EU, including operators of service facilities as defined in point (12) of Article 3 of Directive 2012/34/EU

    (c) Water transport

      • Inland, sea and coastal passenger and freight water transport companies, as defined for maritime transport in Annex I to Regulation (EC) No 725/2004 of the European Parliament and of the Council [h], not including the individual vessels operated by those companies
      • Managing bodies of ports as defined in point (1) of Article 3 of Directive 2005/65/EC of the European Parliament and of the Council [i], including their port facilities as defined in point (11) of Article 2 of Regulation (EC) No 725/2004, and entities operating works and equipment contained within ports
      • Operators of vessel traffic services as defined in point (o) of Article 3 of Directive 2002/59/EC of the European Parliament and of the Council [j]

    (d) Road transport

      • Road authorities as defined in point (12) of Article 2 of Commission Delegated Regulation (EU) 2015/962 [l] responsible for traffic management control
      • Operators of Intelligent Transport Systems as defined in point (1) of Article 4 of Directive 2010/40/EU of the European Parliament and of the Council [k]

3. Banking

      • Credit institutions as defined in point (1) of Article 4 of Regulation (EU) No 575/2013 of the European Parliament and of the Council [m]

4. Financial market infrastructures

      • Operators of trading venues as defined in point (24) of Article 4 of Directive 2014/65/EU of the European Parliament and of the Council [n]
      • Central counterparties (CCPs) as defined in point (1) of Article 2 of Regulation (EU) No 648/2012 of the European Parliament and of the Council [o]

5. Health sector

    Health care settings (including hospitals and private clinics)

      • Healthcare providers as defined in point (g) of Article 3 of Directive 2011/24/EU of the European Parliament and of the Council [p]

6. Drinking water supply and distribution

      • Suppliers and distributors of water intended for human consumption as defined in point (1)(a) of Article 2 of Council Directive 98/83/EC [q] but excluding distributors for whom distribution of water for human consumption is only part of their general activity of distributing other commodities and goods which are not considered essential services

7. Digital Infrastructure

      • IXPs
      • DNS service providers
      • TLD name registries

ANNEX III (U.K.) TYPES OF DIGITAL SERVICES FOR THE PURPOSES OF POINT (5) OF ARTICLE 4

1. Online marketplace.

2. Online search engine.

3. Cloud computing service.
