Security Statement - Compliance with NIS2/CER Directives

This page serves as an extension of the Security Section on the octodoc.io website, addressing general aspects of Compliance with the NIS2/CER directives. The security and privacy requirements associated with these directives are crucial for digital service providers and customers within the European Union. The following text provides an overview of these directives and their impact on the procurement of services. Please refer to local authorities’ websites for specific national application details.

Compliance with NIS2/CER Directives for the Service and Software

1. Scope of NIS2 Directive

According to the NIS2 directive, digital service providers defined in Annex 2 fall within the directive’s scope. Specific requirements and obligations for these providers are designed to ensure a high level of cybersecurity and uninterrupted services. Country-specific service resellers determine, on a case-by-case basis, whether their clients fall within the scope of this directive.

2. Directive Content and Scope

The NIS2 directive establishes clear requirements for digital service providers, emphasizing cybersecurity and the provision of uninterrupted services. Each provider must adhere to these standards to ensure that their service complies with the directive’s set requirements.

3. CER Directive-related Clientele

The CER directive imposes specific requirements and obligations on clientele to ensure a high level of data protection and cybersecurity. Clients falling under the CER directive are obligated to rigorously adhere to these provisions to guarantee appropriate data protection and cybersecurity levels.

4. Client Responsibility for Notification

The end-user client utilizing the service is personally responsible for notifying the service or product reseller if they are aware of procedures compliant with these directives. This obligation ensures active participation by end-users in adhering to the directive and promoting high levels of cybersecurity and data protection.

5. Risk Management Measures – Responsibilities of the Service Provider and Reseller

Depending on the technical implementation, the service provider or reseller is responsible for standard IT precautions outlined in the service description, such as backups or system redundancy. However, the end-user client is responsible for implementing all necessary risk management measures, including communicating the need for risk reduction.

6. Resilience Clientele: Resilience and Continuity Management

Clients focused on resilience must ensure high resilience and effective continuity management. This requires meticulous planning, regular crisis management exercises, and the maintenance of backup systems. End-users must choose a service implementation that considers resilience as part of their infrastructure deployment.

This document has been prepared in accordance with the NIS2 and CER directives and their annexes to ensure the secure and reliable provision of services to digital service providers and their clients.