EU NIS2 Significant Incident Notification

Detects NIS2 Article 23 significant-incident notifications from essential and important entities — the 24-hour early warning, 72-hour incident notification, intermediate report, final report, and progress report submitted to the CSIRT or competent authority. These filings contain live compromise details, indicators of compromise, and impact assessments; disclosure aids attackers and breaches supervisory confidentiality.

Type
keyword_proximity
Engine
universal
Confidence
medium
Confidence justification
Medium confidence: honest topic matcher. 'Significant incident' is the Article 23 defined trigger term and the only primary; the stage names 'early warning' and 'incident notification' are ubiquitous outside NIS2 (meteorology, PagerDuty-style ops tooling) so they corroborate but never fire alone. 'Significant incident' still occurs in generic incident-management prose at the 75/65 tiers; the 85 tier, which requires NIS2-specific vocabulary (CSIRT, Directive (EU) 2022/2555, severe operational disruption, indicators of compromise), approaches document-class precision.
Jurisdictions
eu
Regulations
Directive (EU) 2022/2555 (NIS2)
Frameworks
ISO 27001
Data categories
security, governance
Scope
wide
Risk rating
8

Pattern

(?i)\bsignificant\s+incident\b

Corroborative evidence keywords

CSIRT, computer security incident response team, competent authority, Directive (EU) 2022/2555, NIS2, NIS 2, severe operational disruption, indicators of compromise, cross-border impact, early warning, incident notification, intermediate report, final report, progress report, essential entity, important entity, without undue delay, SCADA, [object Object], [object Object] (+19 more)

Proximity: 300 characters

Should match

Should not match

Known false positives

References