News Item

Guidelines on Incident Notification for Digital Service Providers

ENISA publishes a comprehensive guideline on how to implement incident notification requirements for Digital Service Providers, in the context of the NIS Directive.

Published on February 28, 2017

The EU’s first DSP mandatory incident notification requirements as part of the first EU-wide set of rules on cyber-security, are a major step towards achieving a common level of cyber-security across the Union. ENISA’s comprehensive technical guideline supports stakeholders in addressing mandatory incident notification for Digital Service Providers (DSPs) in the context of the NIS Directive. Based on the requirements of the Directive and valuable input from Member States and DSPs directly impacted by the Directive, this guideline touches the following topics:

  • identifying types of incidents to be reported
  • definitions and clarifications on parameters and thresholds
  • defining substantial incidents
  • description of the incident reporting process and the stakeholders involved
  • cross border sharing of incidents
  •  identification of DSPs

This report represents an outline technical proposal used as input for the discussions regarding the implementation of article 16 of the NIS Directive, concerning mandatory incident notification for DSPs.

The full report is available here

For media and press enquiries please contact, Tel: +30 2814 409576



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information