According to the Security of Networks and Information Systems Law, 2020, the Digital Security Authority has the following responsibilities (Article 17):

(a) advise the Minister on issues relating to the security of networks and information systems, digital security and cybersecurity in the Republic;

(b) implement, in matters of security of networks and information systems, the general policy framework to be followed in accordance with the provisions of subsection (2) of section 16;

(c) be a national single point of contact for the security of networks and information systems (hereinafter referred to as the 'single point of contact');

(d) exercise, as a single point of contact, liaison functions to ensure cross-border cooperation with the competent authorities of the other Member States, the competent authorities of the Republic, the cooperation group and the network of CSIRTs, as provided for in section 33;

(e) consult and cooperate with the competent law enforcement authorities and the Commissioner for the Protection of Personal Data;

(f) submit as a single point of contact an annual summary report to the cooperation group, on a date to be determined by the Cooperation Group and/or the European Commission, on the notifications received, including the number of notifications and the nature of the notified incidents, as well as the measures taken in accordance with the provisions of subsections (3) and (5) of section 35 and the provisions of subsections (3) and (6) of section 37;

(g) ensure that it has sufficient resources for the effective performance of its duties and of the duties of the national CSIRT described in the provisions of paragraph (a) of subsection (2) of section 31;

(h) ensure the effective, efficient and secure cooperation of the national CSIRT within the framework of the network of CSIRTs referred to in section 33;

(i) request the assistance of ENISA and/or other European and/or international organisations and/or other international bodies in the development of the national CSIRT;

(j) receive the notifications of incidents at national level and the notifications forwarded to it by any other competent authorities of member states of the European Union in accordance with the provisions of this Law;

(k) inform the Commission of the mandate, as well as of the key elements of the incident handling process by the national CSIRT;

(l) supervise the national CSIRT, the governmental CSIRT, the academic CSIRT or other sectoral CSIRTs in the Republic;

(m) ensure that the national CSIRTs have access to an appropriate, secure and resilient communication and information infrastructure at national level;

(n) identify for each sector and subsector referred to in a Decision issued by the Authority the operators of essential services established in the Republic;

(o) review and, where necessary, update the list of identified operators of essential services on a regular basis, at least every two years, and update the relevant list of operators of critical information infrastructure at least every two (2) years;

(p) cooperate closely with the Commissioner for the Protection of Personal Data to deal with incidents leading to personal data breaches;

(q) assess the compliance of operators of essential services and/or operators of critical information infrastructure with their obligations under section 35 and their impact on the security of their networks and information systems;

(r) ensure that operators of essential services and/or operators of critical information infrastructure take appropriate and proportionate technical and organisational measures to manage the risks to the security of the networks and information systems that they use in their activities;

(s) ensure that operators of essential services and/or operators of critical information infrastructure take appropriate measures to prevent and minimise the impact of incidents that affect the security of the networks and information systems which are used to provide these essential services, with a view to ensuring their continuity;

(t) ensure that operators of essential services and/or operators of critical information infrastructures notify it without undue delay of incidents that have a serious impact on the continuity of the essential services they provide;

(u) ensure that providers of public networks or publicly available electronic communications services notify it of any breach of security measures or loss of integrity of their networks which had a substantial impact on the functioning of their networks or services;

(v) ensure that digital service providers identify and take appropriate and proportionate technical and organisational measures to manage the risks to the security of the networks and information systems that they use, in the context of the provision of services referred to in a Decision made by the Authority;

(w) ensure that digital service providers take measures to prevent and minimise the impact of incidents that affect the security of networks and information systems in relation to the services referred to in a Decision issued by the Authority and offered within the European Union, with a view to ensuring their continuity;

(x) ensure that digital service providers notify it, without undue delay, of any incident that has a significant impact on the provision of the service that they offer within the European Union, as set out in a Decision made by the Authority;

(y) issue any Decision, including interim measures, in respect of matters falling within its functions;

(z) impose an administrative fine, in accordance with the provisions of section 43, on any person that violates the provisions of this Law or the provisions of the Regulations or Decisions made thereunder;

(aa) be a member of and participate in meetings of such European or international organizations in the interest of the Republic;

(bb) request, in the context of its specific activities, the provision by operators of essential services and/or operators of critical information infrastructure, from digital service providers and from providers of electronic communications networks and/or services, any relevant technical, financial and other information, subject to the principle of proportionality;

(cc) exercise any other functions, powers and duties provided to it under the provisions of this Law or under the provisions of the Regulations and Decisions made thereunder;

(dd) process personal data, pursuant to the provisions of this Law, in accordance with the Protection of Natural Persons with regard to the Processing of Personal Data and the Free Movement of Such Data Law and Regulation (EU) No. 2016/679;

(ee) adopt and/or maintain provisions aimed at achieving a higher level of security of networks and information systems, without prejudice to the provisions of subsection (13) of section 37 and the obligations of the Republic deriving from Union law;

(ff) subject to the provisions of subsection (3) of section 19, publish information and documents referred to in the provisions of section 19 as it deems appropriate, for the purposes of promoting public awareness and understanding on issues of security of networks and information systems, digital security and cybersecurity;

(gg) monitor the application of the provisions of this Law in the Republic and, in the exercise of its competence, it may request and receive assistance from persons subject to supervision, under any relevant legislation, and from the respective supervisory authorities or from the national authorities contributing to supervision, when it is carried out by supranational authorities;

(hh) conclude memoranda of understanding with bodies governed by this Law or other authorities or organizations or companies that cooperate with the Authority;