Article 4, NIS 2 Directive (Proposal 16.12.2020).
Definitions
For the purposes of this Directive, the following definitions apply:
(1) ‘network and information system’ means:
(a) an electronic communications network within the meaning of Article 2(1) of Directive (EU) 2018/1972;
(b) any device or group of inter–connected or related devices, one or more of which, pursuant to a program, perform automatic processing of digital data;
(c) digital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance;
(2) ‘security of network and information systems’ means the ability of network and information systems to resist, at a given level of confidence, any action that compromises the availability, authenticity, integrity or confidentiality of stored or transmitted or processed data or the related services offered by, or accessible via, those network and information systems;
(3) ‘cybersecurity’ means cybersecurity within the meaning of Article 2(1) of Regulation (EU) 2019/881 of the European Parliament and of the Council 33 ;
(4) ‘national strategy on cybersecurity’ means a coherent framework of a Member State providing strategic objectives and priorities on the security of network and information systems in that Member State;
(5) ‘incident’ means any event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the related services offered by, or accessible via, network and information systems;
(6) ‘incident handling’ means all actions and procedures aiming at detection, analysis and containment of and a response to an incident;
(7) ‘cyber threat’ means a cyber threat within the meaning Article 2(8) of Regulation (EU) 2019/881;
(8) ‘vulnerability’ means a weakness, susceptibility or flaw of an asset, system, process or control that can be exploited by a cyber threat;
(9) ‘representative’ means any natural or legal person established in the Union explicitly designated to act on behalf of i) a DNS service provider, a top-level domain (TLD) name registry, a cloud computing service provider, a data centre service provider, a content delivery network provider as referred to in point 8 of Annex I or ii) entities referred to in point 6 of Annex II that are not established in the Union, which may be addressed by a national competent authority or a CSIRT instead of the entity with regard to the obligations of that entity under this Directive;
(10) ‘standard’ means a standard within the meaning of Article 2(1) of Regulation (EU) No 1025/2012 of the European Parliament and of the Council 34 ;
(11) ‘technical specification’ means a technical specification within the meaning of Article 2(4) of Regulation (EU) No 1025/2012;
(12) ‘internet exchange point (IXP)’ means a network facility which enables the interconnection of more than two independent networks (autonomous systems), primarily for the purpose of facilitating the exchange of internet traffic; an IXP provides interconnection only for autonomous systems; an IXP does not require the internet traffic passing between any pair of participating autonomous systems to pass through any third autonomous system, nor does it alter or otherwise interfere with such traffic;
(13) ‘domain name system (DNS)’ means a hierarchical distributed naming system which allows end-users to reach services and resources on the internet;
(14) ‘DNS service provider’ means an entity that provides recursive or authoritative domain name resolution services to internet end-users and other DNS service providers;
(15) ‘top–level domain name registry’ means an entity which has been delegated a specific TLD and is responsible for administering the TLD including the registration of domain names under the TLD and the technical operation of the TLD, including the operation of its name servers, the maintenance of its databases and the distribution of TLD zone files across name servers;
(16) ‘digital service’ means a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council 35 ;
(17) ‘online marketplace’ means a digital service within the meaning of Article 2 point (n) of Directive 2005/29/EC of the European Parliament and of the Council 36 ;
(18) ‘online search engine’ means a digital service within the meaning of Article 2(5) of Regulation (EU) 2019/1150 of the European Parliament and of the Council 37 ;
(19) ‘cloud computing service’ means a digital service that enables on-demand administration and broad remote access to a scalable and elastic pool of shareable and distributed computing resources;
(20) ‘data centre service’ means a service that encompasses structures, or groups of structures, dedicated to the centralised accommodation, interconnection and operation of information technology and network equipment providing data storage, processing and transport services together with all the facilities and infrastructures for power distribution and environmental control;
(21) ‘content delivery network’ means a network of geographically distributed servers for the purpose of ensuring high availability, accessibility or fast delivery of digital content and services to internet users on behalf of content and service providers;
(22) ‘social networking services platform’ means a platform that enables end-users to connect, share, discover and communicate with each other across multiple devices, and in particular, via chats, posts, videos and recommendations);
(23) ‘public administration entity’ means an entity in a Member State that complies with the following criteria:
(a) it is established for the purpose of meeting needs in the general interest and does not have an industrial or commercial character;
(b) it has legal personality;
(c) it is financed, for the most part, by the State, regional authority, or by other bodies governed by public law; or it is subject to management supervision by those authorities or bodies; or it has an administrative, managerial or supervisory board, more than half of whose members are appointed by the State, regional authorities, or by other bodies governed by public law;
(d) it has the power to address to natural or legal persons administrative or regulatory decisions affecting their rights in the cross-border movement of persons, goods, services or capital.
Public administration entities that carry out activities in the areas of public security, law enforcement, defence or national security are excluded.
(24) ‘entity’ means any natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;
(25) ‘essential entity’ means any entity of a type referred to as an essential entity in Annex I;
(26) ‘important entity’ means any entity of a type referred to as an important entity in Annex II.
Note: This is not the final text of the NIS 2 Directive. This is the text of the NIS 2 Directive Proposal of 16.12.2020.