Regulatory ESSENTIAL



Regulatory ESSENTIALS - modular information package with all the essential information for compliant products in your target market. Conveniently read online at Product-Compliance-Portal ROGER WILLCO.

IT; OT; Operational technology (OT) controls devices; Information technology (IT) controls data; Threat modelling; Threat modeling; vulnerability; incident; handling; ISMS; data privacy; security asset; network asset, privacy asset; financial asset

Scope: This ESSENTIAL introduces some aspects set by the NIS-2-directive with respect to cybersecurity. For actual product related requirements see "ESSENTIAL ESS EEA Cybersecurity - Products with digital elements" and Cyber Resilience Act.

Stakeholders: Manufacturer, B2C products, B2B products
Legislation in force: NIS-2-Directive (EU) 2022/2555
Publication in Official Journal of the European Union on 27 December 2022.
Transposition by member states by 17 October 2024.
Application of measures by 18 October 2024.

Brief description of NIS-2-Directive (EU) 2022/2555

Scope:
- significantly expanded compared to NIS.
- companies that employ more than 50 people AND
- have an annual turnover or an annual balance sheet of more than EUR 10 million AND
- belong to a critical or most important sector.
- covered sectors are being massively expanded.
- critical health sector will include healthcare providers, for example, and in particular laboratories, medical research and pharmaceuticals, and manufacturers of medical devices.
- critical “digital infrastructure” sector, which in future will also include cloud providers, data centers and content delivery networks in particular, will be significantly expanded.
- important sectors will include the entire industrial sector and in particular manufacturers of medical devices and computers, but also the mechanical engineering and mobility sectors.

Obligations:
- NIS 2 directive provides for various risk management measures and reporting obligations for companies
- in particular the creation of risk analysis and security concepts for the information systems, the management of incidents, the disclosure of weak points and ensuring security in the supply chain.
- two-step approach is envisaged for reporting.
- after becoming aware of an incident, companies have 24 hours to submit a preliminary report, followed by a final report no later than one month later.

Entities & Sectors:
- in NIS 2 more entities and sectors will have to take measures to protect themselves:
- “Essential sectors” such as the energy, transport, banking, health, digital infrastructure, public administration and space sectors will be covered by the new security provisions.
- “Important sectors” (NEW) also fall under NIS 2 such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers.

All medium-sized and large companies in selected sectors would fall under the legislation.

Application national:

Countries: EEA European Economic Area (EU + Iceland, Liechtenstein, Norway)
Status: Published 2024-07-04 by Benjamin Kerger and Torsten Sahm
Last change 2024-07-11 by Benjamin Kerger: Legislation in force for this PCT, Cybersecurity
ROGER WILLCO ID: #g373
Price: 30 day license for 59.00 € net





Scope of this ESSENTIAL
This ESSENTIAL introduces some aspects set by the NIS-2-directive with respect to cybersecurity.
For actual product related requirements see "ESSENTIAL ESS EEA Cybersecurity - Products with digital elements" and Cyber Resilience Act.

Abbreviations
Here you will get a table

Important abbreviations which are special for this legislation or theme.

Analysis of regulatory requirements

Legislation in force for this PCT
Here you will get a linked document in ROGER WILLCO
(only reachable with additional ROGER WILLCO license)

Do legal provisions regulate the product compliance topic? If yes, what is the reference (title, number)?

Legislation in force for this PCT
Here you will get textual information

Do legal provisions regulate the product compliance topic? If yes, what is the reference (title, number)?

Scope of legislation
Subject: Measures that aim to achieve a high common level of cybersecurity
- Obligations for Member States (strategies, authorities, contact points, incident response teams “CSIRTs”)
- Cybersecurity risk-management measures and reporting obligations for entities
- Rules and obligations
- Supervisory and enforcement obligations on Member States.

Scope of legislation
Here you will get linked document(s)

Responsible actors
Here you will get textual information

Which actor(s) are responsible for compliance with the legal provisions: e. g. - economic operators (manufacturer, importer, distributor, fulfilment service provider), - user (commercial/industrial/professional), - user (private, consumer)?

Responsible actors
Here you will get a linked document in ROGER WILLCO
(only reachable with additional ROGER WILLCO license)

Which actor(s) are responsible for compliance with the legal provisions: e. g. - economic operators (manufacturer, importer, distributor, fulfilment service provider), - user (commercial/industrial/professional), - user (private, consumer)?

Process-related requirements?
Here you will get textual information

Product-related requirements?
Here you will get textual information

Product-related requirements?
Here you will get related hyperlink(s)

Regulatory market access conditions for the actor(s)
Here you will get textual information

What are the main regulatory requirements (e. g. conformity assessment, fulfilment of essential requirements of Annex I 2006/42/EC) prior to placing on the market, importation and putting into service (brief description)?

Penalty by this legislation
Here you will get textual information

What are the possible penalties (e. g. sales ban, fines) in the case of non-compliance?

Exemption clauses
Here you will get textual information

Exempted devices/products or industry sectors.

Sub-federal legislation of states/counties
Here you will get textual information

E. g. by 2019 an Inter-Governmental Agreement (IGA) on governance of the Electrical Equipment Safety System (EESS) has been signed by Queensland, Victoria, Western Australia and Tasmania.

Adequate third countries to transfer data
Here you will get textual information

Authority
Here you will get textual information

Name of the authority for approval, registration, market surveillance and/or enforcement

Market surveillance authority
Here you will get related hyperlink(s)

Name of the authority for market surveillance and/or enforcement

Hints
Here you will get related hyperlink(s)

Specific recommendations, information or most common mistakes

Route to compliance

Formal and administrative requirements

Registration at related authority required?
Here you will get textual information

Product registration? Manufacturer registration? Importer / Representative registration? if required.

Local representative legally required?
Here you will get textual information

[Yes/No]

Hints
Here you will get textual information

Specific recommendations, information or most common mistakes

Equipment authorization (approval process)

Approval process (conformity assessment procedure)
Here you will get textual information

Means each legally required approval process prior to placing on the market, importation or putting into service

Testing & Standards

Specific requirements for testing
Here you will get textual information

e. g. is an accredited test lab mandatory, limits, test samples, product description

Source for standards for conformity assessment
Here you will get textual information

Hints
Here you will get related hyperlink(s)

Specific recommendations, information or most common mistakes

Regulatory labelling, markings and user information

Regulatory label (mandatory)
Here you will get textual information

e. g. product label


Code, Continent: EEA
Economic Area
Official Language: 24 official languages
Standard Institute
HS Codemember







© 2024 Globalnorm GmbH