8 Amendments of François-Xavier BELLAMY related to 2020/0359(COD)
Amendment 217 #
Proposal for a directive
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Directive applies to public and private entities of a type referred to as essential entities in Annex I and as important entities in Annex II, including manufacturers and providers of ICT products. This Directive does not apply to entities that qualify as micro and small enterprises within the meaning of Commission Recommendation 2003/361/EC.28 _________________ 28 Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium- sized enterprises (OJ L 124, 20.5.2003, p. 36).
Amendment 274 #
Proposal for a directive
Article 5 – paragraph 1 – introductory part
Article 5 – paragraph 1 – introductory part
1. Each Member State shall adopt a national cybersecurity strategy defining the strategic objectives and appropriate policy and regulatory measures, with a view to achieving and maintaining a high level of cybersecurity, and strengthening the Union’s strategic autonomy. The national cybersecurity strategy shall include, in particular, the following:
Amendment 310 #
Proposal for a directive
Article 6 – paragraph 2
Article 6 – paragraph 2
2. ENISA shall develop and maintain a European vulnerability registry. To that end, ENISA shall establish and maintain the appropriate information systems, policies and procedures with a view in particular to enabling important and essential entities and their suppliers of network and information systems to disclose and register vulnerabilities present in ICT products or ICT services, as well as to provide access to the information on vulnerabilities contained in the registry to all interested parties. The registry shall, in particular, include information describing the vulnerability, the affected ICT product or ICT services and the severity of the vulnerability in terms of the circumstances under which it may be exploited, the availability of related patches and, in the absence of available patches, guidance addressed to users of vulnerableENISA should not disclose the vulnerability and impose a deadline to manufacturers or providers of ICT products andor ICT services as to how the risks resulting from disclosed vulnerabilities may be mitigatedto provide a reliable mitigation. When several players are affected by the same vulnerability, ENISA should coordinate the schedule of the installation of the mitigation patches.
Amendment 388 #
Proposal for a directive
Article 18 – paragraph 1
Article 18 – paragraph 1
1. Member States shall ensure that essential and important entities, including manufacturers and providers of ICT products, shall take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems which those entities use in the provision of their services. Having regard to the state of the art, those measures shall ensure a level of security of network and information systems appropriate to the risk presented.
Amendment 556 #
Proposal for a directive
Article 29 – paragraph 5 – subparagraph 1 – introductory part
Article 29 – paragraph 5 – subparagraph 1 – introductory part
Amendment 559 #
Proposal for a directive
Article 29 – paragraph 5 – subparagraph 1 – point a
Article 29 – paragraph 5 – subparagraph 1 – point a
(a) suspend or request a certification or authorisation body to suspend a certification or authorisation concerning part or all the services or activities provided by an essential entity or the related manufacturers and providers of ICT products;
Amendment 564 #
Proposal for a directive
Article 29 – paragraph 5 – subparagraph 1 – point b
Article 29 – paragraph 5 – subparagraph 1 – point b
(b) impose or request the imposition by the relevant bodies or courts according to national laws of a temporary ban against any person discharging managerial responsibilities at chief executive officer or legal representative level in that essential entity, and of any other natural person held responsible for the breach, from exercising managerial functions in that entity, or the related manufacturers and providers of ICT products.
Amendment 568 #
Proposal for a directive
Article 29 – paragraph 5 – subparagraph 2
Article 29 – paragraph 5 – subparagraph 2
These sanctions shall be applied only until the entity, or the related manufacturers and providers of ICT products, takes the necessary action to remedy the deficiencies or comply with the requirements of the competent authority for which such sanctions were applied.