10 Amendments of Nils TORVALDS related to 2013/0027(COD)
Amendment 36 #
Proposal for a directive
Recital 15 a (new)
Recital 15 a (new)
(15a) Already existing national cooperation mechanisms between public and private operators should be fully respected and the provisions stipulated in this Directive should not undermine such established cooperation arrangements.
Amendment 40 #
Proposal for a directive
Recital 18
Recital 18
(18) On the basis in particular of national crisis management experiences and in cooperation with ENISA, the Commission and the Member States should develop a Union NIS cooperation plan definindicating cooperation mechanisms to counter risks and incidents. That plan should be duly taken into account in the operation of early warnings within the cooperation network.
Amendment 44 #
Proposal for a directive
Recital 22
Recital 22
(22) Responsibilities in ensuring NIS lie to a great extent on public administrations and market operators. A culture of risk management, involving risk assessment and the implementation of security measures appropriate to the risks faced should be promoted and developed through appropriate regulatory requirements and voluntary industry practices. Where such a culture of risk management already exists, and, in particular, where it relies on voluntary practices, it should be supported, strengthened and shared. Establishing a level playing field is also essential to the effective functioning of the cooperation network to ensure effective cooperation from all Member States.
Amendment 48 #
Proposal for a directive
Recital 24
Recital 24
(24) Those obligations should be extended beyond the electronic communications sector to key providers of information society services, as defined in Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on Information Society services27 , which underpin downstream information society services or on-line activities, such as e- commerce platforms, Internet payment gateways, social networks, search engines, cloud computing services, application stores. Disruption of these enabling information society services prevents the provision of other information society services which rely on them as key inputs. Software developers and hardware manufacturers are noplay an important providers of information society services and are therefore excludedle in safeguarding software and hardware against both intentional and unintentional backdoors, which can have negative impacts on the right to data privacy and network and information security, and should therefore also be included under the scope of this Directive. Those obligations should also be extended to public administrations, and operators of critical infrastructure which rely heavily on information and communications technology and are essential to the maintenance of vital economical or societal functions such as electricity and gas, transport, credit institutions, stock exchange and health. Disruption of those network and information systems would affect the internal market. __________________ 27 OJ L 204, 21.7.1998, p. 37.
Amendment 51 #
Proposal for a directive
Recital 26 a (new)
Recital 26 a (new)
(26a) The use of both intentional and unintentional backdoors in soft- and hardware used by key providers of information society services is of specific concern. The use of these intentional and unintentional backdoors for the processing of personal data shall be lawful only under legal obligation or legal necessity based on Union or Member State law.
Amendment 53 #
Proposal for a directive
Recital 27
Recital 27
(27) To avoid imposing a disproportionate financial and administrative burden on small operators and users, the requirements should be proportionate to the risk presented by the network or information system concerned, taking into account the state of the art of such measures. These requirements should not apply to micro enterprises.
Amendment 76 #
Proposal for a directive
Article 3 – point 6
Article 3 – point 6
(6) ‘NIS cooperation plan’ means a plan establishing than indicative framework for organisational roles, responsibilities and procedures to maintain or restore the operation of networks and information systems, in the event of a risk or an incident affecting them;
Amendment 111 #
Proposal for a directive
Article 12 – paragraph 2 – point a – indent 1
Article 12 – paragraph 2 – point a – indent 1
– an indicative definition of the format and procedures for the collection and sharing of compatible and comparable information on risks and incidents by the competent authorities,
Amendment 112 #
Proposal for a directive
Article 12 – paragraph 2 – point a – indent 2
Article 12 – paragraph 2 – point a – indent 2
– a definition of the procedures and the criteria for the assessment of the risks and incidents by the cooperation network.
Amendment 115 #
Proposal for a directive
Article 14 – paragraph 1
Article 14 – paragraph 1
1. Member States shall ensure that public administrations and market operators take appropriate and proportional technical and organisational measures to manage the risks posed to the security of the networks and information systems which they control and use in their operations. Having regard to the state of the art, these measures shall guarantee a level of security appropriate to the risk presented. In particular, measures shall be taken to prevent and minimise the impact of incidents affecting their network and information system on the core services they provide and thus ensure the continuity of the services underpinned by those networks and information systems.