1 minute read
Minimum harmonisation (Article 3
Annex I and II should only focus on those parts of a company that are important for operative continuity and the protection of know-how and trade secrets.
Annex II should be revised as follows:
2. Municipal waste management: Undertakings carrying out waste management referred to in points (9) of Article 3 of Directive 2008/98/EC (29) of municipal waste but excluding undertakings for whom waste management is not their principal economic activity
Amend Annex A.2(6) to recognise Part IS as proposed in EASA Opinion 03/2020 as sector-specific legislation to be considered a lex specialis for aviation manufacturing as an important entity.
Furthermore, the following definitions in Article 4 needed to be revised:
(17)‘online marketplace’ means a digital service within the meaning of (insert correct reference, the current one seems to be incorrect). Excluded from this definition are those online marketplaces, where the activities on the marketplace contribute to less than 10 percent of an enterprise’s annual revenues.
(19)‘cloud computing service’ means a digital service that in its core function enables on-demand administration and broad remote access to a scalable and elastic pool of shareable and distributed computing resources. Excluded from this definition are services that utilise cloud computing services of a third party in order to provide their own service outside the area of “cloud computing”.
Minimum harmonisation (Article 3)
Summary of legislative proposal:
Member States may adopt or maintain provisions ensuring a higher level of cybersecurity.
BDI’s position:
German industry advocates a holistic, overlap-free, EU-wide harmonised regulatory framework on cybersecurity that strikes the right balance between enhancing the EU’s cyber-resilience while avoiding over-regulation and imposing unduly high burdens on European companies. Therefore, Member States should make limited use of the possibility to introduce more far-reaching requirements than those stated in the NIS 2-Directive. Such additional legislative requirements should be limited to sectors that are specific to or possess specific characteristics in one Member State. With the current proposal the co-legislator again misses an opportunity to foster harmonisation and legal clarity across the Single Market. The proposal also does not sufficiently address the urgent need to reduce double regulation. During the trilogue, the co-legislators should strive to create a coherent common level of cybersecurity within the internal market.
