<div dir="ltr">
<div class="gmail-content"><p class="gmail-Normal">Hi all,</p><p class="gmail-Normal"><span>Just thought I would throw this in for when we copy annual risk assessment from section 5 of the BRs into the NCSSRs.</span></p><p class="gmail-Normal"><span>Article 18: Cybersecurity risk management measures</span>
</p>
<p class="gmail-li gmail-ManualNumPar1">
<span class="gmail-num"><span>1.</span></span><span> Member
States shall ensure that essential and important entities shall take
<b>appropriate and proportionate technical and organisational measures to
manage the risks posed to the security of network and information
systems which those entities use</b></span><span><b> in the provision of their
services</b>. Having regard to the state of the art, those measures shall
ensure a level of security of network and information systems
appropriate to the risk presented.</span>
</p><p class="gmail-li gmail-Point1"><span><br></span> </p><p class="gmail-li gmail-Point1"><br></p></div>
</div>