EU regulation

NIS-2 (Network and Information Security Directive)

EU directive establishing cybersecurity obligations for operators of essential and important services across 18 sectors. Requires incident reporting within 24 hours (early warning), 72 hours (notification), and 1 month (final report).

In ITSMx

ITSMx provides significant-incident classification and 24h/72h/1mo reporting cascades built into the incident workflow.

NIS-2 compliance For NIS-2 operators

Related terms

DORA Major Incident

Informational only — not legal advice.