Guidelines on notification of Operators of Essential Services incidents. Formats and procedures

Author (Corporate)
Series Title
Series Details 05/2018 (July 2018)
Publication Date 01/07/2018
Content Type ,


This document provides non-binding technical guidance for national competent authorities and/or Computer Security Incident Response Teams (CSIRTs,) on the mandatory notification requirements in the Network and Information Security (NIS) Directive (2016/1148) for Operators of Essential Services (OES), for the requirement to inform other Member States in case of cross-border impact, for the annual summary reporting to the NIS Cooperation Group, and for the voluntary notifications.

The document combines two items in the NIS Coperation Group Work Programme 2018-2020. Namely: 'Guidelines on format and procedure of national notifications' (led by the Netherlands) and 'Guidelines on the procedure of mandatory sharing of information between affected Member States' (led by Poland).

Further information:

The NIS Cooperation Group was established by the 2016 Directive on security of network and information systems (the NIS Directive) to ensure strategic cooperation and the exchange of information among Member States in cybersecurity.

In the context of Directive (EU) 2016/1148 (the NIS Directive), public and private entities providing services 'essential to the maintenance of critical societal and/or economic activities', these 'Operators of Essential Services' (OES) shall be identified by each Member State on its territory and comply with several binding provisions defined nationally.

Source Link
Related Links
European Commission: NIS Cooperation Group

Subject Categories
Countries / Regions