Guidelines on notification of Digital Service Providers incidents. Formats and procedures

Author (Corporate)
Series Title
Series Details 06/2018 (July 2018)
Publication Date 01/07/2018
Content Type


This document provides non-binding technical guidance for national competent authorities, regarding the mandatory notification requirements in the Network and Information Security (NIS) Directive (2016/1148) for Digital Service Providers (DSPs), for the requirement by the Member State of main establishment to inform other Member States in case of cross-border impact. In addition, the document contains guidelines for the annual summary reporting of the incidents notified by DSPs, that has to be submitted by the Member State to the NIS Cooperation Group.

Further information:

The NIS Cooperation Group was established by the 2016 Directive on security of network and information systems (the NIS Directive) to ensure strategic cooperation and the exchange of information among Member States in cybersecurity.

In the context of Directive (EU) 2016/1148 (the NIS Directive), public and private entities providing services 'essential to the maintenance of critical societal and/or economic activities', these 'Operators of Essential Services' (OES) shall be identified by each Member State on its territory and comply with several binding provisions defined nationally.

Source Link
Related Links
European Commission: NIS Cooperation Group

Subject Categories
Countries / Regions