Essential and important entities should ensure the security of the network and information systems which they use in their activities. Those systems are primarily private network and information systems managed by the essential and important entities’ internal IT staff or the security of which has been outsourced. The cybersecurity risk-management measures and reporting obligations laid down in this Directive should apply to the relevant essential and important entities regardless of whether those entities maintain their network and information systems internally or outsource the maintenance thereof.
NIS2 Recital EN
Recital 83
Related across sources
Guidance Guidelines 9/2022 on personal data breach notification under GDPR News CNIL (France) - SAN-2025-015 Guidance Guidelines 8/2020 on the targeting of social media users Guidance Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 Guidance Guidelines 05/2020 on consent under Regulation 2016/679 Guidance Guidelines 02/2022 on the application of Article 60 GDPR