Activities of Petar VITANOV related to 2020/0359(COD)
Shadow opinions (1)
OPINION on the proposal for a directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148
Amendments (10)
Amendment 21 #
Proposal for a directive
Recital 18 a (new)
Recital 18 a (new)
(18 a) Given that the roll-out of autonomous mobility will bring considerable benefits, but also entails a variety of new risks, namely regarding road traffic safety, cybersecurity, intellectual property rights, data protection and data access issues, technical infrastructure, standardisation, and employment, it is of crucial importance to ensure that the EU legal framework adequately responds to those challenges and effectively manages all risks posed to the security of network and information systems.
Amendment 22 #
Proposal for a directive
Recital 18 b (new)
Recital 18 b (new)
Amendment 27 #
Proposal for a directive
Recital 34
Recital 34
(34) The Cooperation Group should remain a flexible forum and be able to react to changing and new policy priorities and challenges while taking into account the availability of resources. It should organize regular joint meetings with relevant private stakeholders from across the Union to discuss activities carried out by the Group and gather input on emerging policy challenges. In order to enhance cooperation at Union level, the Group should consider inviting, where relevant, Union bodies and agencies involved in cybersecurity policy, such as the European Cybercrime Centre (EC3), the European Union Aviation Safety Agency (EASA) and the European Union Agency for Space Programme (EUS, the European Union Agency for Space Programme (EUSPA), the European Defence Agency (EDA), the European Data Protection Supervisor (EDPS),the European Union Agency for Law Enforcement Training (CEPOL), the European Institute of Innovation and Technology (EIT), the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), the European Securities and Markets Authority(ESMA), the European Banking Authority (EBA), the European Foundation for the Improvement of Living and Working Conditions (Eurofound) and the European Insurance and Occupational Pensions Authority (EIOPA) to participate in its work.
Amendment 35 #
Proposal for a directive
Article 2 – paragraph 6
Article 2 – paragraph 6
6. Where provisions of sector–specific acts of Union law require essential or important entities either to adopt cybersecurity risk management measures or to notify incidents or significant cyber threats, and where those requirements are at least equivalent in effect to the obligations laid down in this Directive, including as to the power, mandate and functions of the respective supervisory authorities, the relevant provisions of this Directive, including the provision on supervision and enforcement laid down in Chapter VI, shall not apply.
Amendment 46 #
Proposal for a directive
Article 18 – paragraph 5
Article 18 – paragraph 5
5. The Commission may adopt implementingdelegated acts in order to lay down the technical and the methodological specifications of the elements referred to in paragraph 2. WThere preparing those acts, the Commission shall proceed in accordance with the examination procedure referred to in delegated act shall be adopted in accordance with Article 37(2)6 and follow, to the greatest extent possible, international and European standards, as well as relevant technical specifications.
Amendment 52 #
Proposal for a directive
Article 20 – paragraph 4 – point a
Article 20 – paragraph 4 – point a
(a) without undue delay and in any event within 724 hours after having become aware of the incident, an initial notification, which, where applicable, shall indicate whether the incident is presumably caused by unlawful or malicious action;
Amendment 54 #
Proposal for a directive
Article 20 – paragraph 5
Article 20 – paragraph 5
5. The competent national authorities or the CSIRT shall provide, within 724 hours after receiving the initial notification referred to in point (a) of paragraph 4, a response to the notifying entity, including initial feedback on the incident and, upon request of the entity, guidance on the implementation of possible mitigation measures. Where the CSIRT did not receive the notification referred to in paragraph 1 , the guidance shall be provided by the competent authority in collaboration with the CSIRT. The CSIRT shall provide additional technical support if the concerned entity so requests. Where the incident is suspected to be of criminal nature, the competent national authorities or the CSIRT shall also provide guidance on reporting the incident to law enforcement authorities.
Amendment 55 #
Proposal for a directive
Article 20 – paragraph 11
Article 20 – paragraph 11
11. The Commission, may adopt implementingdelegated acts further specifying the type of information, the format and the procedure of a notification submitted pursuant to paragraphs 1 and 2. The Commission may also adopt implementing acts to further specify the cases in which an incident shall be considered significant as referred to in paragraph 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 37(2).
Amendment 59 #
Proposal for a directive
Article 21 – paragraph 1 a (new)
Article 21 – paragraph 1 a (new)
1 a. The requirements of this Directive regarding cybersecurity certification shall be without prejudice to Article 56 (2) and (3) of Regulation (EU) 2019/881.
Amendment 62 #
Proposal for a directive
Article 21 – paragraph 3
Article 21 – paragraph 3
3. TIn order to elevate the overall level of cybersecurity resilience, the Commission may request ENISA to prepare a candidate scheme pursuant to Article 48(2)7 and Article 48 of Regulation (EU) 2019/881 in cases where no appropriate European cybersecurity certification scheme for the purposes of paragraph 2 is availableis available. Such candidate schemes shall comply with the requirements laid down in Article 56(2)and Article 56(3) of Regulation (EU) 2019/881.