7. The communications provided for in the third paragraph of section 12.2 and section 12.3 of the Act must be made by any means that provides proper protection. They may be made using automated systems in the form, for example, of bulletins or warnings.
Where a security event is related to cybersecurity, the activities allowing the communications referred to in the first paragraph are carried out by cybersecurity practitioners as part of their respective responsibilities.
For such an event, the communications referred to in the first paragraph must be based on the obligation to take cybersecurity measures to follow good practices generally recognized by international benchmarks, such as ISO standards or the National Institute of Standards and Technology (NIST) benchmark.
1296-2022O.C. 1296-2022, s. 7.