Awareness Training - Save 60% on Yearly Plan.
Start Training

Article 8

Competent authorities and single points of contact

1.   Each Member State shall designate or establish one or more competent authorities responsible for cybersecurity and for the supervisory tasks referred to in Chapter VII (competent authorities).

2.   The competent authorities referred to in paragraph 1 shall monitor the implementation of this Directive at national level.

3.   Each Member State shall designate or establish a single point of contact. Where a Member State designates or establishes only one competent authority pursuant to paragraph 1, that competent authority shall also be the single point of contact for that Member State.

4.   Each single point of contact shall exercise a liaison function to ensure cross-border cooperation of its Member State’s authorities with the relevant authorities of other Member States, and, where appropriate, with the Commission and ENISA, as well as to ensure cross-sectoral cooperation with other competent authorities within its Member State.

5.   Member States shall ensure that their competent authorities and single points of contact have adequate resources to carry out, in an effective and efficient manner, the tasks assigned to them and thereby to fulfil the objectives of this Directive.

6.   Each Member State shall notify the Commission without undue delay of the identity of the competent authority referred to in paragraph 1 and of the single point of contact referred to in paragraph 3, of the tasks of those authorities, and of any subsequent changes thereto. Each Member State shall make public the identity of its competent authority. The Commission shall make a list of the single points of contact publicly available.

Frequently Asked Questions

Competent authorities are specific organizations designated by each EU Member State to oversee cybersecurity and enforce the obligations defined by NIS2 at the national level, making sure that businesses and public institutions properly manage cyber risks and follow established security standards and procedures set out in the directive.
A single point of contact is a specific entity designated by each Member State to facilitate communication and cooperation between national authorities, other Member States, and European bodies like the European Commission and ENISA, helping coordinate cybersecurity matters efficiently across borders and within their own country.
Yes, each Member State must publicly identify its competent authorities responsible for cybersecurity, clearly stating their roles and duties, and share this information with the European Commission who makes a public list of single points of contact to ensure transparency and effective cross-border cybersecurity cooperation across the EU.
Member States are required to provide their competent authorities and single points of contact with sufficient resources—including staff, funds, and tools—so they have all necessary support to consistently, effectively, and quickly perform their cybersecurity roles, monitor compliance with NIS2, and enhance overall cybersecurity within the country.

NIS2 Training

Start Training

Get Started within 24 hours.

Once you have submitted your details, you’ll be our top priority!