Art 20 - Governance

Article 20 of the EU Directive 2022/2555 outlines governance obligations for essential and important entities, requiring them to adopt appropriate organizational structures, risk-based policies and procedures, and to assign clear responsibilities for managing network and information-system security. It also mandates regular reporting to competent authorities and the implementation of internal controls to ensure continuous compliance with the directive's security requirements.