Directive (EU) 2016/1148 of the European Parliament and of the CouncilShow full title

CHAPTER IIIU.K. COOPERATION

Article 11U.K.Cooperation Group

1.In order to support and facilitate strategic cooperation and the exchange of information among Member States and to develop trust and confidence, and with a view to achieving a high common level of security of network and information systems in the Union, a Cooperation Group is hereby established.

The Cooperation Group shall carry out its tasks on the basis of biennial work programmes as referred to in the second subparagraph of paragraph 3.

2.The Cooperation Group shall be composed of representatives of the Member States, the Commission and ENISA.

Where appropriate, the Cooperation Group may invite representatives of the relevant stakeholders to participate in its work.

The Commission shall provide the secretariat.

3.The Cooperation Group shall have the following tasks:

(a)providing strategic guidance for the activities of the CSIRTs network established under Article 12;

(b)exchanging best practice on the exchange of information related to incident notification as referred to in Article 14(3) and (5) and Article 16(3) and (6);

(c)exchanging best practice between Member States and, in collaboration with ENISA, assisting Member States in building capacity to ensure the security of network and information systems;

(d)discussing capabilities and preparedness of the Member States, and, on a voluntary basis, evaluating national strategies on the security of network and information systems and the effectiveness of CSIRTs, and identifying best practice;

(e)exchanging information and best practice on awareness-raising and training;

(f)exchanging information and best practice on research and development relating to the security of network and information systems;

(g)where relevant, exchanging experiences on matters concerning the security of network and information systems with relevant Union institutions, bodies, offices and agencies;

(h)discussing the standards and specifications referred to in Article 19 with representatives from the relevant European standardisation organisations;

(i)collecting best practice information on risks and incidents;

(j)examining, on an annual basis, the summary reports referred to in the second subparagraph of Article 10(3);

(k)discussing the work undertaken with regard to exercises relating to the security of network and information systems, education programmes and training, including the work done by ENISA;

(l)with ENISA's assistance, exchanging best practice with regard to the identification of operators of essential services by the Member States, including in relation to cross-border dependencies, regarding risks and incidents;

(m)discussing modalities for reporting notifications of incidents as referred to in Articles 14 and 16.

By 9 February 2018 and every two years thereafter, the Cooperation Group shall establish a work programme in respect of actions to be undertaken to implement its objectives and tasks, which shall be consistent with the objectives of this Directive.

4.For the purpose of the review referred to in Article 23 and by 9 August 2018, and every year and a half thereafter, the Cooperation Group shall prepare a report assessing the experience gained with the strategic cooperation pursued under this Article.

5.The Commission shall adopt implementing acts laying down procedural arrangements necessary for the functioning of the Cooperation Group. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 22(2).

For the purposes of the first subparagraph, the Commission shall submit the first draft implementing act to the committee referred to in Article 22(1) by 9 February 2017.

Article 12U.K.CSIRTs network

1.In order to contribute to the development of confidence and trust between the Member States and to promote swift and effective operational cooperation, a network of the national CSIRTs is hereby established.

2.The CSIRTs network shall be composed of representatives of the Member States' CSIRTs and CERT-EU. The Commission shall participate in the CSIRTs network as an observer. ENISA shall provide the secretariat and shall actively support the cooperation among the CSIRTs.

3.The CSIRTs network shall have the following tasks:

(a)exchanging information on CSIRTs' services, operations and cooperation capabilities;

(b)at the request of a representative of a CSIRT from a Member State potentially affected by an incident, exchanging and discussing non-commercially sensitive information related to that incident and associated risks; however, any Member State's CSIRT may refuse to contribute to that discussion if there is a risk of prejudice to the investigation of the incident;

(c)exchanging and making available on a voluntary basis non-confidential information concerning individual incidents;

(d)at the request of a representative of a Member State's CSIRT, discussing and, where possible, identifying a coordinated response to an incident that has been identified within the jurisdiction of that same Member State;

(e)providing Member States with support in addressing cross-border incidents on the basis of their voluntary mutual assistance;

(f)discussing, exploring and identifying further forms of operational cooperation, including in relation to:

(g)informing the Cooperation Group of its activities and of the further forms of operational cooperation discussed pursuant to point (f), and requesting guidance in that regard;

(h)discussing lessons learnt from exercises relating to the security of network and information systems, including from those organised by ENISA;

(i)at the request of an individual CSIRT, discussing the capabilities and preparedness of that CSIRT;

(j)issuing guidelines in order to facilitate the convergence of operational practices with regard to the application of the provisions of this Article concerning operational cooperation.

4.For the purpose of the review referred to in Article 23 and by 9 August 2018, and every year and a half thereafter, the CSIRTs network shall produce a report assessing the experience gained with the operational cooperation, including conclusions and recommendations, pursued under this Article. That report shall also be submitted to the Cooperation Group.

5.The CSIRTs network shall lay down its own rules of procedure.

Article 13U.K.International cooperation

The Union may conclude international agreements, in accordance with Article 218 TFEU, with third countries or international organisations, allowing and organising their participation in some activities of the Cooperation Group. Such agreements shall take into account the need to ensure adequate protection of data.