In order to make enforcement effective, a minimum list of enforcement powers that can be exercised for breach of the cybersecurity risk-management measures and reporting obligations provided for in this Directive should be laid down, setting up a clear and consistent framework for such enforcement across the Union. Due regard should be given to the nature, gravity and duration of the infringement of this Directive, the material or non-material damage caused, whether the infringement was intentional or negligent, actions taken to prevent or mitigate the material or non-material damage, the degree of responsibility or any relevant previous infringements, the degree of cooperation with the competent authority and any other aggravating or mitigating factor. The enforcement measures, including administrative fines, should be proportionate and their imposition should be subject to appropriate procedural safeguards in accordance with the general principles of Union law and the Charter of Fundamental Rights of the European Union (the โCharterโ), including the right to an effective remedy and to a fair trial, the presumption of innocence and the rights of the defence.
NIS2 Recital EN
Recital 127
Related across sources
Guidance Guidelines 9/2022 on personal data breach notification under GDPR Guidance Guidelines 04/2022 on the calculation of administrative fines under the GDPR Guidance Guidelines 01/2022 on data subject rights - Right of access Guidance Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted on 20 October 2020 Guidance Guidelines 02/2022 on the application of Article 60 GDPR Guidance Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement