If your organisation is an essential or important entity under the NIS 2 Directive, you have to register for a sector-specific list of entities. These instructions only apply to the sectors supervised by Traficom.
Does the notification obligation apply to your organisation?
If your organisation operates in the sectors that are supervised by Traficom and fall within the scope of the NIS 2 Directive, you have to register for a list of entities. Organisations covered by the obligation include transport operators and digital infrastructure entities, for example.
Not sure? Check section 3 of the Cybersecurity Act (lain numero) and section 3 of the Act on Information Management in Public Administration (906/2019) to see whether the notification obligation applies to your organisation. For more information on the supervisory authorities, please visit the NCSC-FI’s NIS 2 web pages.
You will need the following information for the registration:
- entity’s name
- sector, subsector and type of entity
- address of establishment in Finland or
- address of main establishment in Finland and addresses of other establishments in the EU
- up-to-date contact details, including email addresses and telephone numbers
- Member States where services are provided
- entity’s IP ranges
- information about whether the entity is an essential entity as referred to in the Cybersecurity Act or Act on Information Management in Public Administration
- information about whether the entity participates in a voluntary cybersecurity information-sharing arrangement
Go to registration
You can register for Traficom’s list of entities online. You need to log in to the service with your Suomi.fi credentials and the mandate “Reporting details of cyber security operators”. More information on authorisations and mandates and on acting on behalf of an organisation is available on the Suomi.fi website. (External link)