---
title: "NIS2 Incident IS-1: Confidentiality Loss"
description: "NIS2 significant incident type IS-1: confidentiality loss affecting digital service or data. Classification criteria, notification triggers, and response actions."
canonical: https://www.aegister.com/en/cms/insights/nis2-significant-incident-is-1-confidentiality-loss/
url: /en/cms/insights/nis2-significant-incident-is-1-confidentiality-loss/
lang: en
---

![](/static/images/header-contact.webp)

# NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data

---

![NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data](/static/images/cms/nis2-requisiti-di-base.webp)

## NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data

February 11, 2026

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
[compliance](/en/cms/keyword/compliance/)
[CSIRT](/en/cms/keyword/csirt/)
+7

In the ACN baseline incident model, IS-1 refers to a case where the entity has evidence of confidentiality loss involving digital data under its ownership or control. For operations teams, the key is to recognize the event pattern quickly, preserve evidence, and activate escalation/notification workflow without delay.

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base), [ACN baseline obligations determination](https://www.acn.gov.it/portale/documents/d/guest/detacn_obblighi_2511-v3_signed)

## Key takeaways

- IS-1 is linked to confidentiality loss scenarios.
- Notification obligations are tied to evidence of incident occurrence.
- The affected object is digital data in the entity’s ownership/control perimeter.
- Classification should be performed through the official typology model (condition, compromise, object).

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

## IS-1 qualification model

### 1. Condition

The organization has evidence that a relevant incident occurred.

### 2. Compromise pattern

The compromise corresponds to confidentiality loss (including external exposure scenarios described in official guidance).

### 3. Object of compromise

The impacted object is digital data owned by the entity or data over which it exercises full or partial control.

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base), [ACN baseline obligations determination](https://www.acn.gov.it/portale/documents/d/guest/detacn_obblighi_2511-v3_signed)

## Operational handling steps for IS-1

| Step | Control question | Expected output |
| --- | --- | --- |
| Evidence capture | Do we have objective evidence of confidentiality loss? | Evidence record with timestamp |
| Scope definition | Which data sets are involved and under what control model? | Data-impact scope statement |
| Escalation | Does the event meet significant-incident criteria? | Escalation decision record |
| Notification readiness | Are required facts prepared for authority workflow? | Structured incident brief |

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

## 90-day implementation checklist

1. Add IS-1 pattern checks to SOC/CSIRT triage forms.
2. Standardize evidence requirements for confidentiality-loss events.
3. Define data-impact mapping procedure for owned/controlled digital data.
4. Run tabletop scenarios focused on external confidentiality compromise.
5. Maintain traceability from IS-1 classification to escalation decision.

## FAQ

### Is every data leak automatically IS-1?

Classification depends on official IS-1 model criteria and documented incident evidence. Details are defined in the official call documentation. Source: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

### What starts timing for related obligations?

Timing is linked to the point where the entity has evidence of the significant incident, as defined in official guidance. Source: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

### Which data perimeter is relevant for IS-1?

Digital data owned by the entity or data under its control perimeter, according to the baseline definitions. Source: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

### Related guides in this series

- [incident typology model](/en/cms/insights/nis2-incident-typology-model/)
- [incident notification under Article 25](/en/cms/insights/nis2-article-25-incident-notification/)

## Related reading

- [NIS2 Incident Typology Model: Condition, Compromise, and Affected Object](/en/cms/insights/nis2-incident-typology-model/)
- [NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data](/en/cms/insights/nis2-significant-incident-is-2-integrity-loss/)
- [NIS2 Response Controls (RS): Containment and Eradication in Incident Handling](/en/cms/insights/nis2-response-rs-containment-eradication/)
- [Aegister NIS2 Compliance Service](/en/solutions/compliance/nis2/)

## Official sources

- [ACN - Guide to reading baseline specifications](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)
- [ACN - Baseline obligations determination and annexes](https://www.acn.gov.it/portale/documents/d/guest/detacn_obblighi_2511-v3_signed)

Share this post

## Related News

[![NIS2 Significant Incident IS-3: Violation of Expected Service Levels](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-significant-incident-is-3-service-level-violation/)

[NIS2 Significant Incident IS-3: Violation of Expected Service Levels](/en/cms/insights/nis2-significant-incident-is-3-service-level-violation/)

[IS-3 in the ACN baseline model covers service-level violation incidents affecting entity services and activities. Practical guide to qualification, service-impact mapping, and escalation workflow.](/en/cms/insights/nis2-significant-incident-is-3-service-level-violation/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+10

[![NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-significant-incident-is-2-integrity-loss/)

[NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data](/en/cms/insights/nis2-significant-incident-is-2-integrity-loss/)

[IS-2 in the ACN baseline model covers integrity loss affecting digital data under entity ownership or control. Practical guide to qualification, evidence capture, and escalation workflow.](/en/cms/insights/nis2-significant-incident-is-2-integrity-loss/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+9

[![NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-point-of-contact-csirt-role-accountability/)

[NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties](/en/cms/insights/nis2-point-of-contact-csirt-role-accountability/)

[NIS2 implementation guidance distinguishes the legal Point of Contact from the operational CSIRT contact role. Practical guide to role formalization, substitute model, competence mapping, and audit-ready evidence.](/en/cms/insights/nis2-point-of-contact-csirt-role-accountability/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+10

### NIS 2 Compliance with Aegister

Complete solutions for NIS 2 Directive compliance: expert consulting, implementation and ongoing support.

[Discover](/en/solutions/compliance/nis2/)