1. Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);(Official Journal of the European Union L 119/1/2016)

2. Regulation (EU) 2019/881 of the European Parliament and of the Council on ENISA (the European Union Agency for Cybersecurity) and on information and communication technology cybersecurity certification, and repealing Regulation (EU) No. 526/2013 (Cybersecurity Act);(Official Journal of the European Union, L 151/15 of 17.04.2019)

3. Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union;(Official Journal of the European Union L 194/1 of 6 July 2016)

4. CSIRT stands for Computer Security Incident Response Team, i.e. the body responsible for incident prevention and protection,2024

5. Directive (EU) 2022/2555 of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No. 910/2014 and Directive (EU) 2018/1972 and repealing Directive (EU) 2016/1148 (NIS 2 Directive);(Official Journal of the European Union L 333/80 of 27 December 2022),2022