The text of the Cyber Solidarity Act (Proposal, 18.4.2023)



Article 2, Definitions


For the purposes of this Regulation, the following definitions apply:


(1) ‘Cross-border Security Operations Centre’ (“Cross-border SOC”) means a multi-country platform, that brings together in a coordinated network structure national SOCs from at least three Member States who form a Hosting Consortium, and that is designed to prevent cyber threats and incidents and to support the production of high-quality intelligence, notably through the exchange of data from various sources, public and private, as well as through the sharing of state-of-the-art tools and jointly developing cyber detection, analysis, and prevention and protection capabilities in a trusted environment;


(2) ‘public body’ means a body governed by public law as defined in Article 2((1), point (4),), of Directive 2014/24/EU of the European Parliament and the Council;


(3) ‘Hosting Consortium’ means a consortium composed of participating states, represented by National SOCs, that have agreed to establish and contribute to the acquisition of tools and infrastructure for, and operation of, a Cross-border SOC;


(4) ‘entity’ means an entity as defined in Article 6, point (38), of Directive (EU) 2022/2555;


(5) ‘entities operating in critical or highly critical sectors’ means type of entities listed in Annex I and Annex II of Directive (EU) 2022/2555;


(6) ‘cyber threat’ means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881;


(7) ‘significant cybersecurity incident’ means a cybersecurity incident fulfilling criteria set out in Article 23(3) of Directive (EU) 2022/2555;


(8) ‘large-scale cybersecurity incident’ means an incident as defined in Article 6, point (7) of Directive (EU)2022/2555;


(9) ‘preparedness’ means a state of readiness and capability to ensure an effective rapid response to a significant or large-scale cybersecurity incident, obtained as a result of risk assessment and monitoring actions taken in advance;


(10) ‘response’ means action in the event of a significant or large-scale cybersecurity incident, or during or after such an incident, to address its immediate and short-term adverse consequences;


(11) ‘trusted providers’ means managed security service providers as defined in Article 6, point (40), of Directive (EU) 2022/2555 selected in accordance with Article 16 of this Regulation.


Note: This is the Proposal for a Regulation of the European Parliament and the Council laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents of 18.4.2023 (proposal for the EU Cyber Solidarity Act). This is NOT the final text of the EU Cyber Solidarity Act.