- In order to support and facilitate strategic cooperation and the exchange of information among Member States, as well as to strengthen trust and confidence, a Cooperation Group is established.
- The Cooperation Group shall carry out its tasks on the basis of biennial work programmes referred to in paragraph 7.
- The Cooperation Group shall be composed of representatives of Member States, the Commission and ENISA. The European External Action Service shall participate in the activities of the Cooperation Group as an observer. The European Supervisory Authorities (ESAs) and the competent authorities under Regulation (EU) 2022/2554 may participate in the activities of the Cooperation Group in accordance with Article 47(1) of that Regulation.
Where appropriate, the Cooperation Group may invite the European Parliament and representatives of relevant stakeholders to participate in its work.
The Commission shall provide the secretariat.
- The Cooperation Group shall have the following tasks:
- to provide guidance to the competent authorities in relation to the transposition and implementation of this Directive;
- to provide guidance to the competent authorities in relation to the development and implementation of policies on coordinated vulnerability disclosure, as referred to in Article 7(2), point (c);
- to exchange best practices and information in relation to the implementation of this Directive, including in relation to cyber threats, incidents, vulnerabilities, near misses, awareness-raising initiatives, training, exercises and skills, capacity building, standards and technical specifications as well as the identification of essential and important entities pursuant to Article 2(2), points (b) to (e);
- to exchange advice and cooperate with the Commission on emerging cybersecurity policy initiatives and the overall consistency of sector-specific cybersecurity requirements;
- to exchange advice and cooperate with the Commission on draft delegated or implementing acts adopted pursuant to this Directive;
- to exchange best practices and information with relevant Union institutions, bodies, offices and agencies;
- to exchange views on the implementation of sector-specific Union legal acts that contain provisions on cybersecurity;
- where relevant, to discuss reports on the peer review referred to in Article 19(9) and draw up conclusions and recommendations;
- to carry out coordinated security risk assessments of critical supply chains in accordance with Article 22(1);
- to discuss cases of mutual assistance, including experiences and results from cross-border joint supervisory actions as referred to in Article 37;
- upon the request of one or more Member States concerned, to discuss specific requests for mutual assistance as referred to in Article 37;
- to provide strategic guidance to the CSIRTs network and EU-CyCLONe on specific emerging issues;
- to exchange views on the policy on follow-up actions following large-scale cybersecurity incidents and crises on the basis of lessons learned of the CSIRTs network and EU-CyCLONe;
- to contribute to cybersecurity capabilities across the Union by facilitating the exchange of national officials through a capacity building programme involving staff from the competent authorities or the CSIRTs;
- to organise regular joint meetings with relevant private stakeholders from across the Union to discuss activities carried out by the Cooperation Group and gather input on emerging policy challenges;
- to discuss the work undertaken in relation to cybersecurity exercises, including the work done by ENISA;
- to establish the methodology and organisational aspects of the peer reviews referred to in Article 19(1), as well as to lay down the self-assessment methodology for Member States in accordance with Article 19(5), with the assistance of the Commission and ENISA, and, in cooperation with the Commission and ENISA, to develop codes of conduct underpinning the working methods of designated cybersecurity experts in accordance with Article 19(6);
- to prepare reports for the purpose of the review referred to in Article 40 on the experience gained at a strategic level and from peer reviews;
- to discuss and carry out on a regular basis an assessment of the state of play of cyber threats or incidents, such as ransomware.
The Cooperation Group shall submit the reports referred to in the first subparagraph, point (r), to the Commission, to the European Parliament and to the Council.
- Member States shall ensure effective, efficient and secure cooperation of their representatives in the Cooperation Group.
- The Cooperation Group may request from the CSIRTs network a technical report on selected topics.
- By 1 February 2024 and every two years thereafter, the Cooperation Group shall establish a work programme in respect of actions to be undertaken to implement its objectives and tasks.
- The Commission may adopt implementing acts laying down procedural arrangements necessary for the functioning of the Cooperation Group.
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
The Commission shall exchange advice and cooperate with the Cooperation Group on the draft implementing acts referred to in the first subparagraph of this paragraph in accordance with paragraph (4), point (e).
- The Cooperation Group shall meet on a regular basis and in any event at least once a year with the Critical Entities Resilience Group established under Directive (EU) 2022/2557 to promote and facilitate strategic cooperation and the exchange of information.