Member States should designate one of its CSIRTs as a coordinator, acting as a trusted intermediary between the reporting natural or legal persons and the manufacturers or providers of ICT products or ICT services, which are likely to be affected by the vulnerability, where necessary. The tasks of the CSIRT designated as coordinator should include identifying and contacting the entities concerned, assisting the natural or legal persons reporting a vulnerability, negotiating disclosure timelines and managing vulnerabilities that affect multiple entities (multi-party coordinated vulnerability disclosure). Where the reported vulnerability could have significant impact on entities in more than one Member State, the CSIRTs designated as coordinators should cooperate within the CSIRTs network, where appropriate.
NIS2 Recital EN
Recital 61
Related across sources
News Rb. Den Haag - C/09/689833 News A New Bill Takes Aim at Government Pressure to Silence Lawful Online Speech News LinkedIn locks your GDPR rights behind a paywall Guidance Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679 Guidance Guidelines 03/2022 on Deceptive design patterns in social media platform interfaces: how to recognise and avoid them Guidance Guidelines 01/2021