News Item

When & How to Report Security Incidents

The European Union Agency for Cybersecurity (ENISA) releases new guidelines to facilitate the reporting of security incidents by national telecom security authorities.

Published on March 22, 2021

The guidelines published help national telecom security authorities in the reporting of significant incidents to ENISA and the European Commission under the European Electronic Communications Code (EECC).

These new guidelines replace the previous ones issued by ENISA on incident reporting under Article 13a of the EU Telecoms Framework Directive. This revised version takes into account the scope and the provisions of the EECC and provides non-binding technical guidance to national authorities supervising security in the electronic communications sector.

The following three types of incident reporting are provided for under article 40 of the EECC:

  1. National incident reporting from providers to national security authorities;
  2. Ad-hoc incident reporting between national security authorities and ENISA;
  3. Annual summary reporting from national security authorities to the European Commission and ENISA.

The new guidelines focus firstly on the ad-hoc incident reporting between the security authorities and ENISA and secondly on the annual summary reporting. More specifically, the document includes information on how and when security authorities can report security incidents to ENISA, to the European Commission and to other security authorities.

The information provided considers the services and incidents within the scope of the EECC - incidents affecting confidentiality, availability, integrity and authenticity of networks and services.  The thresholds needed for the annual reporting are also defined.  These thresholds are both of a quantitative and of a qualitative nature.

The quantitative elements considered include the number of users affected and the duration of the incident. Qualitative information was also used, such as the geographical coverage of the incident and the impact on the economy, on society and on users.

The new guidelines also include an incident report template and draw the distinction between national and annual reporting.

This report was drafted by ENISA in close cooperation with the ECASEC expert group of national telecom security authorities.


The European Electronic Communications Code (EECC) replaces the existing EU Telecoms Framework Directive and brings significant changes in the security supervision of electronic communication services.

Established in 2010, the ECASEC Expert Group (formerly the Article 13a Expert Group) consists of more than 50 experts from national telecom security authorities from 31 EU, EFTA and EU candidate countries, all of whom supervise the security of telecom networks and services.

The expert group produces technical guidelines for European authorities on the implementation of EU telecom security rules and publishes a summary report about major telecom security incidents on an annual basis.

Further Information

European Electronic Communications Code (EECC)

ECASEC Expert Group Portal

33rd Meeting of the European Competent Authorities for Secure Electronic Communications (ECASEC)

ENISA topic: Incident Reporting

ENISA Guideline on Security Measures under the EECC (December 2020)

ENISA report on Security Supervision under the EECC (January 2020)


For questions related to the press and interviews, please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies