NIS2 · Article 23 — Reporting
Art. 23 Reporting obligations
Notify the CSIRT or competent authority of significant incidents — an early warning within 24 hours and a fuller notification within 72 hours.
Mapped across 13 provisions
Equivalent and related requirements in other frameworks and regulations.
- DORAPartialCuratedArt. 17 ICT-related incident management process
Réponse aux incidents et notification des violations
- DORAPartialCuratedArt. 19 Reporting of major ICT-related incidents
Réponse aux incidents et notification des violations
- GDPRRelatedCuratedArt. 33 Notification of a personal data breach to the supervisory authority
Réponse aux incidents et notification des violations
- GLBAPartialCurated§314.4(h) Incident response plan
Réponse aux incidents et notification des violations
- HIPAAPartialCurated§164.308(a)(6) Security incident procedures
Réponse aux incidents et notification des violations
- HIPAARelatedCurated§164.404 Notification to individuals
Réponse aux incidents et notification des violations
- ISO 27001PartialCuratedA.5.24 Information security incident management planning and preparation
Réponse aux incidents et notification des violations
- ISO 27001PartialCuratedA.5.26 Response to information security incidents
Réponse aux incidents et notification des violations
- LGPDRelatedCuratedArt. 48 Communication of a security incident
Réponse aux incidents et notification des violations
- NIS2PartialCuratedArt. 21(2)(b) Incident handling
Réponse aux incidents et notification des violations
- NIST 800-171PartialCurated3.6.1 Establish an incident-handling capability
Réponse aux incidents et notification des violations
- NIST 800-53PartialCuratedIR-4 Incident handling
Réponse aux incidents et notification des violations
- NIST 800-53PartialCuratedIR-6 Incident reporting
Réponse aux incidents et notification des violations