12 Amendments of Kosma ZŁOTOWSKI related to 2020/0365(COD)
Amendment 120 #
Proposal for a directive
Recital 20
Recital 20
(20) In order to be able to ensure their resilience, critical entities should have a comprehensive understanding of all relevant risks to which they are exposed and analyse those risks. To that aim, they should carry out risks assessments, whenever necessary in view of their particular circumstances and the evolution of those risks, yet in any event every four years. The risk assessments by critical entities should be based on the risk assessment carried out by Member States. They should also be based on common specifications and methodologies for each sector. They should include minimum indicators, in order to avoid further divergences between Member States, and contingency protocols.
Amendment 132 #
Proposal for a directive
Article 2 – paragraph 1 – point 5
Article 2 – paragraph 1 – point 5
(5) “essential service” means a service which is essential for the maintenance of vital societal functions or economic activities and the provision of that service or of other essential services would be significantly disrupted by an incident;
Amendment 140 #
Proposal for a directive
Article 4 – paragraph 1 – subparagraph 1
Article 4 – paragraph 1 – subparagraph 1
Competent authorities designated pursuant to Article 8 shall establish a list of essential services in the sectors referred to in the Annex. They shall carry out by [three years after entry into force of this Directive], and subsequently where necessary, and at least every four years, an assessment of all relevant risks that may affect the provision of those essential services, with a view to identifywith a view to identifying essential services, and the corresponding critical entities in accordance with Article 5(1), and assisting those critical entities to take measures pursuant to Article 11.
Amendment 144 #
Proposal for a directive
Article 4 – paragraph 4
Article 4 – paragraph 4
4. Each Member State shall provide the Commission with data on the types of risks identified and the outcomes of the risk assessments, per sector and sub-sector referred to in the Annex, by [three years after entry into force of this Directive] and subsequently where necessary and at least every fourive years.
Amendment 147 #
Proposal for a directive
Article 5 – paragraph 2 – point c
Article 5 – paragraph 2 – point c
Amendment 149 #
Proposal for a directive
Article 5 – paragraph 3 – subparagaph 1
Article 5 – paragraph 3 – subparagaph 1
Each Member State shall establish a list of the critical entities identified and ensure that those critical entities are notified of their identification as critical entities within onthree months of that identification, informing them of their obligations pursuant to Chapters II and III and the date from which the provisions of those Chapters apply to them.
Amendment 153 #
Proposal for a directive
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. When determining the significance of a disruptive effect as referred to in point (c5) of Article 5(22(1), Member States shall take into account the following criteria:
Amendment 161 #
Proposal for a directive
Article 10 – paragraph 2
Article 10 – paragraph 2
The risk assessment shall account for all relevant risks referred to in Article 4(1) which could lead to the disruption of the provision of essential services which would hinder the proper functioning of the internal market. It shall take into account any dependency of other sectors referred to in the Annex on the essential service provided by the critical entity, including in neighbouring Member States and third countries where relevant, and the impact that a disruption of the provision of essential services in one or more of those sectors may have on the essential service provided by the critical entity.
Amendment 168 #
Proposal for a directive
Article 11 – paragraph 2
Article 11 – paragraph 2
2. Member States shall ensure that critical entities have in place and apply a resilience plan or equivalent document or documents, describing in detail the measures pursuant totailing the measures in accordance with paragraph 1. Where critical entities have takenput in place measures pursuant to obligations contained in other acts of Union lawlaid down in other Union legislation that are also relevant forto the measures referred to in paragraph 1, they shall also describe those measures in the resilience plan or equivalent document or documents. The resilience plan shall further describe the critical entity's organisational arrangements to ensure business continuity in accordance with ISO 22301 and adequate information security in accordance with ISO/IEC 27001;
Amendment 170 #
Proposal for a directive
Article 11 – paragraph 4
Article 11 – paragraph 4
Amendment 174 #
Proposal for a directive
Article 13 – paragraph 1
Article 13 – paragraph 1
1. Member States shall ensure that critical entities notify without undue delay, but no later than 24 hours after the detection of the incident the competent authority of incidents that significantly disrupt or have the potential to significantly disrupt their operations. Notifications shall include any available information necessary to enable the competent authority to understand the nature, cause and possible consequences of the incident, including so as to determine any cross-border impact of the incident. Such notification shall not make the critical entities subject to increased liability.
Amendment 178 #
Proposal for a directive
Article 13 – paragraph 2 – point a
Article 13 – paragraph 2 – point a
(a) the estimated number of users affected by the disruption or potential disruption;