The obligations of public entities within the national cybersecurity system

The lawmakers have imposed a number of obligations on public entities within the national cybersecurity system to ensure that information systems are resilient against actions which compromise the confidentiality, integrity, accessibility, and authenticity of the data being processed in these systems, or the related services provided by such systems. These obligations include incident reporting and handling by the appropriate public entities, and designating contact persons to communicate with national cybersecurity system entities. However, they do not apply to all public bodies – only those specifically named by the lawmakers. An important spectrum of measures in this regard involves public-entity incidents, i.e. occurrences which impair, or might impair, the quality of, or disrupt the performance of, a public function by a public entity. When fulfilling their obligations, it is particularly important for public entities to handle incidents, understood as taking measures to identify, register, analyse, classify, prioritise, contain, and remedy the incidents.