Erwägungsgrund 15
The relevant entities should manage the risks stemming from the acquisition of ICT products or ICT services from suppliers or service providers and should obtain assurance that the ICT products or ICT services achieve certain cybersecurity protection levels, for example by European cybersecurity certificates and EU statements of conformity for ICT products or ICT services issued under a European cybersecurity certification scheme adopted pursuant to Article 49 of Regulation (EU) 2019/881 of the European Parliament and of the Council2. Where the relevant entities set out security equirements to apply to the ICT products to be acquired, they should take into account the cybersecurity essential requirements set out in the [CyberResilience Act].
Navigieren Sie sicher durch die NIS2-Richtlinie!
Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!