Recital 43

As regards personal data, the CSIRTs should be able to provide, in accordance with Regulation (EU) 2016/679, upon the request of an essential or important entity, a proactive scanning of the network and information systems used for the provision of the entity’s services. Where applicable, Member States should aim to ensure an equal level of technical capabilities for all sectoral CSIRTs. Member States should be able to request the assistance of ENISA in developing their CSIRTs.