Article 8 – Significant incidents with regard to data centre service providers

With regard to data centre service providers, an incident shall be considered significant under Article 3 where it fulfils one or more of the following criteria:

(a) one or more of the data centre services of one or more of the data centres operated by the provider is completely unavailable;

(b) the customer service level agreement for one or more of the data centre services of one or more of the data centres operated by the provider is not met for a duration of more than one hour;

(c) the customer service level agreement for one or more of the data centre services of one or more data centres operated by the provider is not met as a result of a suspectedly malicious action;

(d) the integrity, confidentiality or authenticity of stored, transmitted or processed data related to the provision of the data centre service is compromised as a result of a suspectedly malicious action,

(e) physical access to one or more of the data centres operated by the provider is compromised.

Stand: 27.06.2024

Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!