Skip to main content
ITSMx
NIS-2 — Network and Information Security Directive

Hit the 24-hour early warning window — from the incident your team is already triaging.

ITSMx embeds NIS-2 significant-incident classification and the 24h/72h/1mo reporting cascade into your service desk. No bolt-on, no spreadsheet timer.

Request a demo
What the regulation requires → what ITSMx produces

Capabilities

NIS-2
Art. 23Significant-incident classification

Incidents are assessed against NIS-2 significance criteria as they are triaged. Classification fields are built into the incident form — no separate workflow.

NIS-2
Art. 23(4)24h / 72h / 1mo reporting cascade

Early warning within 24 hours, incident notification within 72 hours, final report within one month. Cascade timers start when the incident meets the significance threshold.

NIS-2
Art. 23War room and coordinated response

Major-incident war room with timeline, stakeholder updates, and auto-drafted post-incident review. Everything the CSIRT or competent authority needs is captured in one place.

NIS-2
Art. 23(1)Status page for affected services

Tenant status pages keep internal and (optionally) external stakeholders informed during significant incidents, with a full audit trail of updates.

Common questions

NIS-2 FAQ

NIS-2 covers essential entities (energy, transport, banking, health, water, digital infrastructure, ICT service management, public admin, space) and important entities (postal, waste, chemicals, food, manufacturing, digital providers, research). If you're unsure, the readiness checklist helps scope it.
Not automatically. The platform produces the early warning content and tracks the 24-hour timer, but submission to your national CSIRT is currently manual. Automated submission is on the roadmap.
Yes. DORA and NIS-2 toggles can be enabled on the same tenant. Where timelines overlap (e.g., both require incident notification), the system tracks both cascades independently.

Informational only — not legal advice. Consult qualified counsel for regulatory obligations specific to your organization.

See the NIS-2 cascade on a live incident.

30 minutes. We'll walk through significant-incident classification and reporting timelines.

Request a demoTalk to us