The notification period for the suspicion of a significant security incident is 24 hours (early warning) and 72 hours for a detailed assessment including the severity and its impact. One month after the notification of the early warning, a detailed final report must be submitted to the competent supervisory authority, describing the security incident in detail in terms of its cause and impact, as well as the remedial measures taken/underway. Cross-border effects must be reported in any case.
What to do next? Read the 10-step guide to NIS2 compliance.
NIS2 requires companies to introduce certain measures in order to fulfil the requirements of the directive. Find out in our practical 10-step guide which basic measures you need to introduce for NIS2 compliance.Download guide