Article 10

Computer security incident response teams (CSIRTs)

1.   Each Member State shall designate or establish one or more CSIRTs. The CSIRTs may be designated or established within a competent authority. The CSIRTs shall comply with the requirements set out in Article 11(1), shall cover at least the sectors, subsectors and types of entity referred to in Annexes I and II, and shall be responsible for incident handling in accordance with a well-defined process.

2.   Member States shall ensure that each CSIRT has adequate resources to carry out effectively its tasks as set out in Article 11(3).

3.   Member States shall ensure that each CSIRT has at its disposal an appropriate, secure, and resilient communication and information infrastructure through which to exchange information with essential and important entities and other relevant stakeholders. To that end, Member States shall ensure that each CSIRT contributes to the deployment of secure information-sharing tools.

4.   The CSIRTs shall cooperate and, where appropriate, exchange relevant information in accordance with Article 29 with sectoral or cross-sectoral communities of essential and important entities.

5.   The CSIRTs shall participate in peer reviews organised in accordance with Article 19.

6.   Member States shall ensure the effective, efficient and secure cooperation of their CSIRTs in the CSIRTs network.

7.   The CSIRTs may establish cooperation relationships with third countries’ national computer security incident response teams. As part of such cooperation relationships, Member States shall facilitate effective, efficient and secure information exchange with those third countries’ national computer security incident response teams, using relevant information-sharing protocols, including the traffic light protocol. The CSIRTs may exchange relevant information with third countries’ national computer security incident response teams, including personal data in accordance with Union data protection law.

8.   The CSIRTs may cooperate with third countries’ national computer security incident response teams or equivalent third-country bodies, in particular for the purpose of providing them with cybersecurity assistance.

9.   Each Member State shall notify the Commission without undue delay of the identity of the CSIRT referred to in paragraph 1 of this Article and the CSIRT designated as coordinator pursuant to Article 12(1), of their respective tasks in relation to essential and important entities, and of any subsequent changes thereto.

10.   Member States may request the assistance of ENISA in developing their CSIRTs.

Frequently Asked Questions

A Computer Security Incident Response Team (CSIRT) is responsible for managing cybersecurity incidents by following a clear and defined process, ensuring that incidents affecting important sectors like energy, healthcare, transport and financial services are handled quickly and effectively, minimizing damage and supporting fast recovery after cyber threats and attacks.

Under the NIS2 directive, CSIRTs can form partnerships and regularly exchange cybersecurity-related information, including personal data when allowed by EU data protection laws, with similar security teams from countries outside the European Union, ensuring global collaboration to fight cyber threats and keep critical systems safe and secure for everyone involved.

Yes, each CSIRT must have a reliable and protected communication system and infrastructure, including secure information-sharing tools, to ensure they can safely exchange sensitive data with critical companies, organizations, other CSIRTs, and authorities both inside and outside the European Union, especially during major cybersecurity emergencies.

Member States can ask the European Union Agency for Cybersecurity (ENISA) for help when setting up and developing their CSIRTs, providing them access to specialized guidance and best-practice advice, training, tools, and expertise from experienced cybersecurity professionals, encouraging efficient operations and stronger cyber readiness across Europe.
