NIS 2 Directive (Directive (EU) 2022/2555)

Requires Member States to designate a Computer Security Incident Response Teams (CSIRTs) as the coordinator for CVD. That CSIRT will act as a trusted intermediary between natural/legal persons reporting a vulnerability and the manufacturer of the ICT product or service. ENISA must also develop a European vulnerability database. This provision was adopted on October 17, 2024, and Member States are in the process of implementing these requirements. Full operational status is expected to be established progressively throughout 2025.