The CSIRTs Network and its members


A Computer Security Incident Response Team (‘CSIRT’) is a group of IT professionals who will respond to security incidents when they occur. A CSIRT will provide services and support in the field of prevention, management and coordination of these possible cybersecurity related incidents. The Network and Information Security Directive (‘NIS Directive’) provides a framework for the establishment of the CSIRT, which requires Member States to provide at least one CSIRT (Art. 9 Directive (EU) 2016/1148). In this way, a quick and efficient response to security incidents of network and information networks will be ensured. More important, it enables the ability to regain control and to avoid or minimise any damage resulting from such security incidents.

In addition, the NIS Directive establishes the CSIRT Network (Art. 12 Directive (EU) 2016/1148). This Network consists of the representatives of the Member States’ CSIRTs, the CERT-EU, the European Union Agency for Cybersecurity (‘ENISA’) and the European Commission as an observer. In other words, the NIS Directive is not limited to promoting cybersecurity within each EU Member State, but also aims at enhancing security and trust between each of these Member States. The focus is mainly on exchanging information, learning of each other’s mistakes, supporting cross-border incidents and overall shaping an operational operation. By doing so, the network guarantees rapid and effective operational cooperation throughout the European Union. This ensures that EU Member States do not stand alone regarding cybersecurity, as it guarantees information and knowledge sharing that benefits for both the Member States themselves, and the European Union as a whole. To evaluate the experience gained from operational cooperation, the CSIRT Network will draw up a report every year and a half, including conclusions and some recommendations. This first report is expected in 2020 (Art. 12(4) Directive (EU) 2016/1148).

It must be noted that not every CSIRT is a part of the CSIRT Network. For example, Belgium has around seven teams, but only one team is registered as a member of the CSIRT Network (European Union Agency for Cybersecurity, n.d.). Other CSIRT are often businesses who provided a CSIRT as a service to oversee security of the data and information networks of companies and / or governments. To provide a clear overview, all the national CSIRTs which are member of the CSIRTs Network, will be listed below.

Overview of national CSIRTs

Find here a complete overview of all CSIRTs, both members and non-members of the CSIRTs Network (European Union Agency for Cybersecurity, n.d.).

[ninja_tables id=”238″]

  • The CERT-EU: The CERT-EU is the Computer Emergency Response Team for the EU institutions, agencies and bodies (CERT-EU, n.d.).
  • Trusted Introducer: TF-CSIRT Trusted Introducer offers 3-tiers of membership: Listed, Accredited and Certified. For an IT team to become a part of the Trusted Introducer Community, the team needs to be listed. The following step in the maturity level of a TF-CSIRT is to become accredited as a team. The last and final step is the certification (Trusted Introducer, n.d.).
  • First Status: FIRST is the premier organisation and recognised global leader in incident response and further enables the teams to respond more effectively to security incidents reactive as well as proactive response (FIRST, n.d.).



European Union, European Parliament and Council. (2016). Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Retrieved from

European Union, European Union Agency for Cybersecurity. (n.d.). CSIRT by Country – Interactive Map. Retrieved from

CERT-EU. (n.d.). About us. CERT-EU. Retrieved from

Trusted Introducer. (n.d.). Processes. TF-CSIRT Trusted Introducer. Retrieved from

FIRST. (n.d.). FIRST is the global Forum of Incident Response and Security Teams. Retrieved from