Chapter IV - Cybersecurity Risk-Management and Reporting Obligations

Chapter IV of the EU Directive 2022/2555 sets out mandatory cybersecurity risk-management and reporting duties for essential and digital service entities, requiring them to assess threats, implement appropriate technical and organisational safeguards, and promptly notify competent authorities of incidents. It also obliges member states to designate national authorities, create incident-handling teams, and ensure a coordinated EU-wide response framework.