exchanging information on CSIRTs' services, operations and cooperation capabilities;

at the request of a representative of a CSIRT from a Member State potentially affected by an incident, exchanging and discussing non-commercially sensitive information related to that incident and associated risks; however, any Member State's CSIRT may refuse to contribute to that discussion if there is a risk of prejudice to the investigation of the incident;

exchanging and making available on a voluntary basis non-confidential information concerning individual incidents;

at the request of a representative of a Member State's CSIRT, discussing and, where possible, identifying a coordinated response to an incident that has been identified within the jurisdiction of that same Member State;

providing Member States with support in addressing cross-border incidents on the basis of their voluntary mutual assistance;

discussing, exploring and identifying further forms of operational cooperation, including in relation to:

1. (i)

   categories of risks and incidents;

2. (ii)

   early warnings;

3. (iii)

   mutual assistance;

4. (iv)

   principles and modalities for coordination, when Member States respond to cross-border risks and incidents;

informing the Cooperation Group of its activities and of the further forms of operational cooperation discussed pursuant to point (f), and requesting guidance in that regard;

discussing lessons learnt from exercises relating to the security of network and information systems, including from those organised by ENISA;

at the request of an individual CSIRT, discussing the capabilities and preparedness of that CSIRT;

issuing guidelines in order to facilitate the convergence of operational practices with regard to the application of the provisions of this Article concerning operational cooperation.