15 Amendments of Iskra MIHAYLOVA related to 2020/0359(COD)
Amendment 109 #
Proposal for a directive
Recital 15
Recital 15
(15) Upholding and preserving a reliable, resilient and secure domain name system (DNS) is a key factor in maintaining the integrity of the Internet and is essential for its continuous and stable operation, on which the digital economy and society depend. Therefore, this Directive should apply to all providers of DNS services along the DNS resolution chain, including operators of root name servers, top-level-domain (TLD) name servers, authoritative name servers for domain names and recursive resolpublicly available recursive domain name resolution services and authoritative domain name resolution services. This Directive does not apply to root name servers.
Amendment 129 #
Proposal for a directive
Recital 26
Recital 26
(26) Given the importance of international cooperation on cybersecurity, CSIRTs should be able to participate in international cooperation networks, including with CSIRTs outside the Union, in addition to the CSIRTs network established by this Directive.
Amendment 155 #
Proposal for a directive
Recital 45
Recital 45
(45) Entities should also address cybersecurity risks stemming from their interactions and relationships with other stakeholders within a broader ecosystem, including to counter industrial espionage and to protect trade secrets. In particular, entities should take appropriate measures to ensure that their cooperation with academic and research institutions takes place in line with their cybersecurity policies and follows good practices as regards secure access and dissemination of information in general and the protection of intellectual property in particular. Similarly, given the importance and value of data for the activities of the entities, when relying on data transformation and data analytics services from third parties, the entities should take all appropriate cybersecurity measures.
Amendment 161 #
Proposal for a directive
Recital 48
Recital 48
(48) In order to streamline the legal obligations imposed on providers of public electronic communications networks or publicly available electronic communications services, and trust service providers related to the security of their network and information systems, as well as to enable those entities and their respective competent authorities to benefit from the legal framework established by this Directive (including designation of CSIRT responsible for risk and incident handling, participation of competent authorities and bodies in the work of the Cooperation Group and the CSIRT network), they should be included in the scope of application of this Directive. The corresponding provisions laid down in Regulation (EU) No 910/2014 of the European Parliament and of the Council22 and Directive (EU) 2018/1972 of the European Parliament and of the Council23 related to the imposition of security and notification requirement on these types of entities should therefore be repealed. The rules on reporting obligations should be without prejudice to Regulation (EU) 2016/679 and Directive 2002/58/EC of the European Parliament and of the Council24 . _________________ 22Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73). 23Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code (OJ L 321, 17.12.2018, p. 36).rules on reporting obligations should be without prejudice to Regulation (EU) 2016/679 and Directive 2002/58/EC of the European Parliament and of the Council24 . _________________ 24Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37).
Amendment 188 #
Proposal for a directive
Recital 63
Recital 63
(63) All essential and important entities under this Directive should fall under the jurisdiction of the Member State where they provide their services or carry out their activities. If the entity provides services in more than one Member State, it should fall under the separate and concurrent jurisdiction of each of these Member States. The competent authorities of these Member States should cooperate, provide mutual assistance to each other and where appropriate, carry out joint supervisory actions.
Amendment 215 #
Proposal for a directive
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Directive applies to public and private entities of a type referred to as essential entities in Annex I and as important entities in Annex II that provide their services or carry out their activities within the Union. This Directive does not apply to entities that qualify as micro and small enterprises within the meaning of Commission Recommendation 2003/361/EC.28 _________________ 28 Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium- sized enterprises (OJ L 124, 20.5.2003, p. 36).
Amendment 251 #
Proposal for a directive
Article 4 – paragraph 1 – point 13
Article 4 – paragraph 1 – point 13
(13) ‘domain name system (DNS)’ means a hierarchical, distributed naming system which allows end-is usersd to reach identify Internet services and resources on the internet;, allowing end user devices to make use of Internet routing and connectivity services to reach those services and resources.
Amendment 299 #
Proposal for a directive
Article 5 – paragraph 2 a (new)
Article 5 – paragraph 2 a (new)
2a. A policy to help authorities build awareness and understanding of the security considerations needed to design, build, and manage connected places.
Amendment 300 #
Proposal for a directive
Article 5 – paragraph 2 b (new)
Article 5 – paragraph 2 b (new)
2b. A policy specifically addressing the ransomware threat and disrupting the ransomware business model.
Amendment 351 #
Proposal for a directive
Article 12 – paragraph 4 – point k a (new)
Article 12 – paragraph 4 – point k a (new)
(ka) providing a yearly assessment in cooperation with ENISA on which Nation States are harbouring ransomware criminals.
Amendment 464 #
Proposal for a directive
Article 20 – paragraph 5 a (new)
Article 20 – paragraph 5 a (new)
5a. Member States shall establish a single entry point for all notifications required under this Directive.
Amendment 465 #
Proposal for a directive
Article 20 – paragraph 5 b (new)
Article 20 – paragraph 5 b (new)
5b. ENISA, in cooperation with the Cooperation Group, shall develop common notification templates by means of guidelines that would simplify and streamline the reporting information requested by Union law.
Amendment 588 #
Proposal for a directive
Article 37 – paragraph 3 – subparagraph 1 a (new)
Article 37 – paragraph 3 – subparagraph 1 a (new)
Where no opinion is delivered, the draft implementing act may not be adopted.
Amendment 591 #
Proposal for a directive
Article 39
Article 39
Amendment 595 #
Proposal for a directive
Article 40 – paragraph 1
Article 40 – paragraph 1
Articles 40 and 41 of Directive (EU) 2018/1972 are deleted 18 months after the date of entry into force of this Directive.