BETA

10 Amendments of Elsi KATAINEN related to 2020/0359(COD)

Amendment 9 #
Proposal for a directive
Recital 3
(3) Network and information systems have developed into a central feature of everyday life with the speedy digital transformation and interconnectedness of society, including in cross-border exchanges. That development has led to an expansion of the cybersecurity threat landscape, bringing about new challenges, which require adapted, coordinated and innovative responses in all Member States. The number, magnitude, sophistication, frequency and impact of cybersecurity incidents are increasing, and present a major threat to the functioning of network and information systems. As a result, cyber incidents can impede the pursuit of economic activities in the internal market, generate financial losses, undermine user confidence and cause major damage to the Union economy and society. Cybersecurity preparedness and effectiveness are therefore now more essential than ever to the proper functioning of the internal market. Moreover, cybersecurity is a key enabler for many critical sectors, such as transport, to successfully embrace the digital transformation and to fully grasp the economic, social and sustainable benefits of digitalisation.
2021/05/28
Committee: TRAN
Amendment 18 #
Proposal for a directive
Recital 12
(12) Sector-specific legislation and instruments can contribute to ensuring high levels of cybersecurity, while taking full account of the specificities and complexities of those sectors. Where a sector–specific Union legal act requires essential or important entities to adopt cybersecurity risk management measures or to notify incidents or significant cyber threats of at least an equivalent effect to the obligations laid down in this Directive, those sector-specific provisions, including on supervision and enforcement, should apply. In order to avoid overregulation, legal uncertainty and unnecessary administrative burden, in the interpretation and application of this Directive the Commission should ensure coherence between this Directive and the applicable sector-specific legislation. To this end, the Commission should identify duplications/overlapping in the respective legislation, regulatory requirements or procedures, with a view to remove them. In that regard, the Commission action should specifically aim at preventing the proliferation/overlapping/duplication of systems of notification in sectors where EU sector-specific legislation is already applied, such as the transport sector. The Commission may issue guidelines in relation to the implementation of the lex specialis. This Directive does not preclude the adoption of additional sector- specific Union acts addressing cybersecurity risk management measures and incident notifications. This Directive is without prejudice to the existing implementing powers that have been conferred to the Commission in a number of sectors, including transport and energy.
2021/05/28
Committee: TRAN
Amendment 20 #
Proposal for a directive
Recital 17
(17) Given the emergence of innovative technologies, such as artificial intelligence, and new business models, new cloud computing deployment and service models are expected to appear on the market in response to evolving customer needs. In that context, cloud computing services may be delivered in a highly distributed form, even closer to where data are being generated or collected, thus moving from the traditional model to a highly distributed one (‘edge computing’).
2021/05/28
Committee: TRAN
Amendment 25 #
Proposal for a directive
Recital 33
(33) When developing guidance documents, the Cooperation Group should consistently: map national solutions and experiences, assess the impact of Cooperation Group deliverables on national approaches, discuss implementation challenges and formulate specific recommendations to be addressed through better implementation of existing rules. The Cooperation Group should also map the national solutions in order to promote compatibility of cybersecurity solutions applied to each specific sector across Europe. This is particular relevant for the sectors which have an international and cross-border nature such as transport.
2021/05/28
Committee: TRAN
Amendment 32 #
(47) The supply chain risk assessments, in light of the features of the sector concerned, should take into account both technical and, where relevant, non- technical factors including those defined in Recommendation (EU) 2019/534, in the EU wide coordinated risk assessment of 5G networks security and in the EU Toolbox on 5G cybersecurity agreed by the Cooperation Group. To identify the supply chains that should be subject to a coordinated risk assessment, the following criteria should be taken into account: (i) the extent to which essential and important entities use and rely on specific critical ICT services, systems or products; (ii) the relevance of specific critical ICT services, systems or products for performing critical or sensitive functions, including the processing of personal data; (iii) the availability of alternative ICT services, systems or products; (iv) the resilience of the overall supply chain of ICT services, systems or products against disruptive events (iva) the extent to which specific critical ICT services, systems or products directly used by consumers are resilient and compliant with a customer friendly approach; and (v) for emerging ICT services, systems or products, their potential future significance for the entities’ activities.
2021/05/28
Committee: TRAN
Amendment 41 #
Proposal for a directive
Article 12 – paragraph 4 – point b a (new)
(b a) mapping the national solutions in order to promote compatibility ofcybersecurity solutions applied to each specific sector across Europe;
2021/05/28
Committee: TRAN
Amendment 43 #
Proposal for a directive
Article 16 – paragraph 1 – point iii a (new)
(iii a) recommendations on how to improve coherence and legal certainty in the interpretation and application of this Directive and the applicable sector- specific legislation, with a focus on identifying and removing duplications or overlapping in the respective legislation, regulatory requirements or procedures;
2021/05/28
Committee: TRAN
Amendment 44 #
Proposal for a directive
Article 18 – paragraph 2 – point b a (new)
(b a) adoption of programmes for increasing employees competences and practical experience meeting the high cybersecurity standards;
2021/05/28
Committee: TRAN
Amendment 57 #
Proposal for a directive
Article 21 – paragraph 1
1. In order to demonstrate compliance with certain requirements of Article 18, Member States may requirshall encourage essential and important entities to certify certain ICT products, ICT services and ICT processes, either developed by the essential or important entity or procured from third parties, under specific European cybersecurity certification schemes adopted pursuant to Article 49 of Regulation (EU) 2019/881. The products, services and processes subject to certification may be developed by an essential or important entity or procured from third parti or under similar internationally recognised certification schemes.
2021/05/28
Committee: TRAN
Amendment 61 #
Proposal for a directive
Article 21 – paragraph 2
2. The Commission shall be empowered to adopt delegated acts specifying which categories of essential entities shall be required to obtain a certificate and under which specific European cybersecurity certification schemes pursuant to paragraph 1. The delegated acts shall be adopted in accordance with Article 36.
2021/05/28
Committee: TRAN