Security check

NIS2 incident reporting: meeting the 24h and 72h duty

NIS2 requires you to report significant incidents in stages: an early warning within 24 hours and full notification within 72 hours. But the clock only starts when you detect the incident β€” and that's where most fail.

Run a free domain scan All checks β†’
Relates to: NIS2 Β· art. 23 β€” reporting obligation SE Cybersecurity Act Β· 2026 ISO 27001 Β· A.5.24–A.5.26 incident management

What we check

We help you understand what triggers NIS2's reporting duty, the time stages (24h early warning, 72h notification, final report within a month), and β€” most importantly β€” the technical ability to detect an incident in time so the deadlines are actually achievable.

Why it matters

The reporting duty is one of NIS2's most concrete and sanctioned parts. But a 24-hour deadline is meaningless if you detect the breach after three weeks. The core is detection capability: continuous monitoring of exposure, vulnerabilities and anomalies.

How Security Guru tests it

Common mistakes

  • Focus on the report template but no ability to detect the incident
  • No clear threshold for what triggers the duty
  • Unclear who owns the 24h warning when it actually hits
  • No monitoring β†’ the incident is detected long after the deadline

What you get in the report

  • Your detection capability assessed against the reporting deadlines
  • Technical gaps that delay detection
  • Recommended monitoring to meet 24h/72h
  • Checklist and role assignment for incident reporting

FAQ

What counts as an incident under NIS2?

An incident with a significant impact on the provision of your services. The threshold depends on sector and effect β€” we help you set a practical line.

When does the 24-hour deadline start?

When you become aware of the incident. That's why detection capability is decisive β€” without it you can miss the deadline without even knowing.

Do you report on our behalf?

No β€” you notify the supervisory authority/CSIRT. We provide the technical capability and evidence that make it possible in time.

Want to know your status?

Run a free scan or order a full Security Assessment β€” prioritised, not noise.

Run a free domain scan