Incident reporting
When a significant incident occurs, NIS2 Article 23 puts you on a strict clock with your national CSIRT / competent authority. Reglyze tracks that clock and prepares the submissions in the right national format.
The Article 23 clock
For a significant incident, the deadlines run from the moment you become aware:
| Step | Deadline | What’s submitted |
|---|---|---|
| Early warning | within 24 hours | initial notification (suspected unlawful/malicious cause, cross-border impact) |
| Incident notification | within 72 hours | updated assessment, severity, indicators of compromise |
| Final report | within 1 month | detailed description, root cause, mitigation |
Reglyze computes each deadline from the detection time and shows what’s due next, so a significant incident never silently blows a statutory deadline.
National formats
The submission format depends on your country’s CSIRT — Reglyze includes adapters (e.g. ANSSI for France, ACN for Italy, the national CSIRT elsewhere) and pre-fills the report from the incident record.
Recording an incident
Log the incident with its detection time and severity. For significant incidents the step state advances through early warning → notification → final report; non-significant incidents are tracked without the statutory clock. The timeline keeps a full audit trail of what was submitted and when.
MSP view
For MSPs, incidents with an open reporting step surface in the portfolio action center ranked by deadline proximity, so a 24-hour early-warning window for any client is impossible to miss across the book.