Frequently Asked Question - FAQ

Can I join the CSIRTs Network?

TLDR : No, CSIRTs can only be appointed via the transposition of the NIS Directive into national law.

The European Union CSIRTs Network is a network composed of EU Member States’ appointed CSIRTs via the transposition of the NIS Directive into national law and CERT-EU (“CSIRTs Network members”) therefore the process is dealt at European Union Member State level.

For more information we suggest reaching out to the appointed CSIRTs Network members for your European Union Member State.

The appointed CSIRT for each European Union Member State is listed in the home page.

Why is the CSIRTs Network unique in the world?

It is the only incident response formal cooperation network in the world defined by law through the European Union Directive, the NIS Directive and with such clear operational mandate, art 15. 

For more information on how the network started and its uniqueness, you can watch the presentation done by the ENISA team powering the CSIRTs Network at The One conference in October 2023.

How article 15 defines the role and mandate of the CSIRTs Network?

 Here is the full text:

1.   In order to contribute to the development of confidence and trust and to promote swift and effective operational cooperation among Member States, a network of national CSIRTs is established.

2.   The CSIRTs network shall be composed of representatives of the CSIRTs designated or established pursuant to Article 10 and the computer emergency response team for the Union’s institutions, bodies and agencies (CERT-EU). The Commission shall participate in the CSIRTs network as an observer. ENISA shall provide the secretariat and shall actively provide assistance for the cooperation among the CSIRTs.

3.   The CSIRTs network shall have the following tasks:


to exchange information about the CSIRTs’ capabilities;


to facilitate the sharing, transfer and exchange of technology and relevant measures, policies, tools, processes, best practices and frameworks among the CSIRTs;


to exchange relevant information about incidents, near misses, cyber threats, risks and vulnerabilities;


to exchange information with regard to cybersecurity publications and recommendations;


to ensure interoperability with regard to information-sharing specifications and protocols;


at the request of a member of the CSIRTs network potentially affected by an incident, to exchange and discuss information in relation to that incident and associated cyber threats, risks and vulnerabilities;


at the request of a member of the CSIRTs network, to discuss and, where possible, implement a coordinated response to an incident that has been identified within the jurisdiction of that Member State;


to provide Member States with assistance in addressing cross-border incidents pursuant to this Directive;


to cooperate, exchange best practices and provide assistance to the CSIRTs designated as coordinators pursuant to Article 12(1) with regard to the management of the coordinated disclosure of vulnerabilities which could have a significant impact on entities in more than one Member State;


to discuss and identify further forms of operational cooperation, including in relation to:


categories of cyber threats and incidents;


early warnings;


mutual assistance;


principles and arrangements for coordination in response to cross-border risks and incidents;


contribution to the national large-scale cybersecurity incident and crisis response plan referred to in Article 9(4) at the request of a Member State;


to inform the Cooperation Group of its activities and of the further forms of operational cooperation discussed pursuant to point (j), and, where necessary, request guidance in that regard;


to take stock of cybersecurity exercises, including those organised by ENISA;


at the request of an individual CSIRT, to discuss the capabilities and preparedness of that CSIRT;


to cooperate and exchange information with regional and Union-level Security Operations Centres (SOCs) in order to improve common situational awareness on incidents and cyber threats across the Union;


where relevant, to discuss the peer-review reports referred to in Article 19(9);


to provide guidelines in order to facilitate the convergence of operational practices with regard to the application of the provisions of this Article concerning operational cooperation.

4.   By 17 January 2025, and every two years thereafter, the CSIRTs network shall, for the purpose of the review referred to in Article 40, assess the progress made with regard to the operational cooperation and adopt a report. The report shall, in particular, draw up conclusions and recommendations on the basis of the outcome of the peer reviews referred to in Article 19, which are carried out in relation to the national CSIRTs. That report shall be submitted to the Cooperation Group.

5.   The CSIRTs network shall adopt its rules of procedure.

6.   The CSIRTs network and EU-CyCLONe shall agree on procedural arrangements and cooperate on the basis thereof

What is an EU directive ?

Directives form part of the EU’s secondary law. They are therefore adopted by the EU institutions in accordance with the treaties. Once adopted at EU level, they are then transposed by EU Member States so they become law in the Member States, more info on EULEX

Can I reach out to the CSIRTs Network?

For any info, request and contact please reach out to the ENISA secretariat team at cnw at enisa europa eu.