Table 1.
| | NIS 2 Directive proposal | MDR |
|---|---|---|
| Product | Medical devices | Medical devices |
| Regulated entities | Important and essential entities | Manufacturers |
| Definition | ‘Incident’: any event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the related services offered by, or accessible via, network and information systems. ‘Cyber threat’: any potential circumstance, event or action that could damage, disrupt or otherwise adversely impact network and information systems, the users of such systems and other persons | ‘Serious incident’: any incident that directly or indirectly led, might have led or might lead to any of the following: (a) the death of a patient, user or other person; (b) the temporary or permanent serious deterioration of a patient’s, user’s or other person’s state of health; (c) a serious public health threat |
| Event/conditions | Potential or occurred. The event shall have a significant impact on the provision of services (having the potential to cause substantial operational disruption or financial losses for the entity concerned; or has affected or has the potential to affect other natural or legal persons by causing considerable material or non-material losses) | Potential or occurred. Reporting obligations also if aware—yet unsure—of potentially reportable incident |
| Timing | Without undue delay and in any event within 24 h after having become aware of the incident | Immediately to no later than 15 days after becoming aware of the incident; 2 days in the event of a serious public health threat; or ‘immediately’, in the event of death or unanticipated serious deterioration of a person’s state of health |
| Authorities | CSIRT or national competent authority | Relevant competent authority |
MDR: Medical Device Regulation; NIS: Network and Information Security System; CSIRT: computer security incident response team