1、Crossover RegulationsNavigating NIS 2,CRA,AMLR,DORA and eIDAS 2Paloma Llaneza CerteIDAS11th TSF|17th CA Day|ENISA1/18RegulationLegal BasisTSP ApplicationSupervisorKey DatesPenaltiesNIS 2Directive(EU)2022/2555Essential entity(Annex I)Cybersecurity SBOct 2024 transposition10M or 2%turnoverCIR-NIS2Reg(
2、EU)2024/269020-min threshold(Art.14)National CSIRT7 Nov 2024 in forceAs per NIS 2DORARegulation(EU)2022/2554ICT third-party providerESAs(if critical)17 Jan 2025Per financial regulationsCRARegulation(EU)2024/2847Products with digital elementsMarket surveillance11 Dec 202715M or 2.5%turnovereIDAS 2Reg
3、ulation(EU)2024/1183Trust service providersNational SB20 May 2024 in forceNational implementationCritical Issue:Each regulation creates distinct obligations for TSPs,with overlapping but non-harmonised requirements.The Current Regulatory Framework2/18Commission Implementing Regulation(EU)2024/2690Ar
4、ticle 14:Trust Service Providers-Specific ParametersCritical incident or more of the following criteria:(a)a trust service is completely unavailable for more than 20 minutes;(b)a trust service is unavailable to users,or relying parties,for more than one hour calculated on a calendar week basis;(c)mo
5、re than 1%of the users or relying parties in the Union,or more than 200 000 users or relying parties in the Union,whichever number is smaller,are impacted by limited availability of a trust service;(d)physical access to an area where network and information systems are located and to which access is
6、 restricted to trusted personnel of the trust service provider,or the protection of such physical access,is compromised;(e)the integrity,confidentiality or authenticity of stored,transmitted or processed data related to the provision of a trust service is compromised with an impact on more than 0,1%