How does ENISA cooperate with users of the EU Cybersecurity Reserve? Who decides which entity should benefit from services provided by the Reserve?

ENISA has published operational details on the cooperation framework for the EU Cybersecurity Reserve, a key mechanism established under the NIS2 Directive. The update clarifies the process for requesting and deploying rapid cybersecurity assistance in response to significant incidents. It specifies that ENISA acts as the central facilitator, coordinating between the affected entity, the national CSIRT, and the Reserve's providers.

The Reserve primarily serves entities within the scope of the NIS2 Directive. This includes essential and important entities across a wide range of sectors such as energy, transport, banking, healthcare, and digital infrastructure. Member State authorities and their designated CSIRTs are also directly involved in the activation process.

Compliance teams should familiarize themselves with this procedural guidance and integrate it into their incident response plans. The next step is to confirm national-level protocols with the relevant CSIRT, ensuring clear internal lines of communication for potential Reserve activation requests. Understanding this coordinated process is critical for leveraging EU-level support during major cyber incidents.