For NIS-2 scope operators

Hit the 24-hour early warning window with tooling your team already uses.

NIS-2 brings mandatory incident-reporting timelines for essential and important entities. ITSMx builds the classification and cascade into the incident workflow — no bolt-on, no spreadsheet timer.

Request a demo

Reporting timelines, handled

NIS-2

Art. 23(4)(a) — Early warning to the CSIRT within 24 hours of becoming aware of a significant incident.

NIS-2

Art. 23(4)(b) — Incident notification within 72 hours — initial assessment, severity, impact, indicators of compromise.

NIS-2

Art. 23(4)(d) — Final report within one month — root cause, mitigation measures, cross-border impact.

Which sectors?

NIS-2 covers energy, transport, banking, health, water, digital infrastructure, ICT service management, public administration, space (essential) and postal, waste, chemicals, food, manufacturing, digital providers, research (important).

NIS-2 deep dive NIS-2 readiness checklist

See the NIS-2 cascade on a live incident.

30 minutes. We'll walk through significant-incident classification and your reporting timelines.

Request a demo Talk to us