Article 21, Requests for information
1. In order to carry out its duties under this Regulation, the Commission may, by simple request or by decision, require from undertakings and associations of undertakings to provide all necessary information. The Commission may also, by simple request or by decision, require access to any data and algorithms of undertakings and information about testing, as well as requesting explanations of them.
2. When sending a simple request for information to an undertaking or association of undertakings, the Commission shall state the legal basis and purpose of the request, specify what information is required and fix the time limit within which the information is to be provided, as well as the fines provided for in Article 30 applicable for supplying incomplete, incorrect or misleading information or explanations.
3. Where the Commission requires undertakings and associations of undertakings to supply information by decision, it shall state the legal basis and purpose of the request, specify what information is required and fix the time limit within which the information is to be provided. Where the Commission requires undertakings to provide access to any data, algorithms and information about testing, it shall state the purpose of the request and fix the time -limit within which it is to be provided. It shall also indicate the fines provided for in Article 30 and indicate or impose the periodic penalty payments provided for in Article 31. It shall further indicate the right to have the decision reviewed by the Court of Justice.
4. The undertakings or associations of undertakings or their representatives shall supply the information requested on behalf of the undertaking or the association of undertakings concerned. Lawyers duly authorised to act may supply the information on behalf of their clients. The latter shall remain fully responsible if the information supplied is incomplete, incorrect or misleading.
5. At the request of the Commission, the competent authorities of the Member States shall provide the Commission with all necessary information in their possession to carry out the duties assigned to it by this Regulation.
Cyber Risk GmbH
Tel: +41 79 505 89 60
We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.
Understanding Cybersecurity in the European Union.