Awareness Training - Save 60% on Yearly Plan.
Start Training

Article 37

Mutual assistance

1.   Where an entity provides services in more than one Member State, or provides services in one or more Member States and its network and information systems are located in one or more other Member States, the competent authorities of the Member States concerned shall cooperate with and assist each other as necessary. That cooperation shall entail, at least, that:

(a)

the competent authorities applying supervisory or enforcement measures in a Member State shall, via the single point of contact, inform and consult the competent authorities in the other Member States concerned on the supervisory and enforcement measures taken;

(b)

a competent authority may request another competent authority to take supervisory or enforcement measures;

(c)

a competent authority shall, upon receipt of a substantiated request from another competent authority, provide the other competent authority with mutual assistance proportionate to its own resources so that the supervisory or enforcement measures can be implemented in an effective, efficient and consistent manner.

The mutual assistance referred to in the first subparagraph, point (c), may cover information requests and supervisory measures, including requests to carry out on-site inspections or off-site supervision or targeted security audits. A competent authority to which a request for assistance is addressed shall not refuse that request unless it is established that it does not have the competence to provide the requested assistance, the requested assistance is not proportionate to the supervisory tasks of the competent authority, or the request concerns information or entails activities which, if disclosed or carried out, would be contrary to the essential interests of the Member State’s national security, public security or defence. Before refusing such a request, the competent authority shall consult the other competent authorities concerned as well as, upon the request of one of the Member States concerned, the Commission and ENISA.

2.   Where appropriate and with common agreement, the competent authorities of various Member States may carry out joint supervisory actions.

Frequently Asked Questions

Mutual assistance under the NIS2 directive means authorities from different EU Member States must work closely together and support each other in cybersecurity supervision, sharing information, and enforcement of rules when companies offer services or have network systems in several Member States, ensuring unified and effective cybersecurity management across borders.
A Member State authority can refuse a request for mutual assistance only if it lacks authority to fulfill the request, if the requested support is outside its official responsibilities, or if fulfilling the request would risk the country’s essential national interests—such as national security or public safety—and it must consult other authorities before refusing.
Mutual assistance can include sharing information, conducting on-site or off-site inspections, security audits, or supervisory activities requested by a competent authority in another Member State, and these actions aim to efficiently monitor and enforce cybersecurity obligations across different EU countries in a consistent and cooperative manner.
Yes, Member States can agree together to perform joint cybersecurity supervision actions, helping to strengthen coordination, efficiency, and consistency in their supervisory tasks, ensuring cross-border cybersecurity risks are handled more effectively by collaborating closely rather than each Member State working separately and in isolation.

NIS2 Training

Start Training

Get Started within 24 hours.

Once you have submitted your details, you’ll be our top priority!