Article 12 Network Information System (NIS) CSIRTs network

  1. In order to contribute to the development of confidence and trust between the Member States and to promote swift and effective operational cooperation, a network of the national CSIRTs is hereby established.
  2. The CSIRTs network shall be composed of representatives of the Member States’ CSIRTs and CERT-EU. The Commission shall participate in the CSIRTs network as an observer. ENISA shall provide the secretariat and shall actively support the cooperation among the CSIRTs.
  3. The CSIRTs network shall have the following tasks:
    1. exchanging information on CSIRTs’ services, operations and cooperation capabilities;
    2. at the request of a representative of a CSIRT from a Member State potentially affected by an incident, exchanging and discussing non-commercially sensitive information related to that incident and associated risks; however, any Member State’s CSIRT may refuse to contribute to that discussion if there is a risk of prejudice to the investigation of the incident;
    3. exchanging and making available on a voluntary basis non-confidential information concerning individual incidents;
    4. at the request of a representative of a Member State’s CSIRT, discussing and, where possible, identifying a coordinated response to an incident that has been identified within the jurisdiction of that same Member State;
    5. providing Member States with support in addressing cross-border incidents on the basis of their voluntary mutual assistance;
    6. discussing, exploring and identifying further forms of operational cooperation, including in relation to:
      1. categories of risks and incidents;
      2. early warnings;
      3. mutual assistance;
      4. principles and modalities for coordination, when Member States respond to cross-border risks and incidents;
    7. informing the Cooperation Group of its activities and of the further forms of operational cooperation discussed pursuant to point (f), and requesting guidance in that regard;
    8. discussing lessons learnt from exercises relating to the security of network and information systems, including from those organised by ENISA;
    9. at the request of an individual CSIRT, discussing the capabilities and preparedness of that CSIRT;
    10. issuing guidelines in order to facilitate the convergence of operational practices with regard to the application of the provisions of this Article concerning operational cooperation.
  4. For the purpose of the review referred to in Article 23 and by 9 August 2018, and every year and a half thereafter, the CSIRTs network shall produce a report assessing the experience gained with the operational cooperation, including conclusions and recommendations, pursued under this Article. That report shall also be submitted to the Cooperation Group.
  5. The CSIRTs network shall lay down its own rules of procedure.