---
title: "NIS2 Incident IS-2: Integrity Loss"
description: "NIS2 significant incident type IS-2: integrity loss affecting digital systems or data. Classification criteria, impact assessment, and compliance requirements."
canonical: https://www.aegister.com/en/cms/insights/nis2-significant-incident-is-2-integrity-loss/
url: /en/cms/insights/nis2-significant-incident-is-2-integrity-loss/
lang: en
---

![](/static/images/header-contact.webp)

# NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data

---

![NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data](/static/images/cms/nis2-requisiti-di-base.webp)

## NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data

February 12, 2026

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
[compliance](/en/cms/keyword/compliance/)
[CSIRT](/en/cms/keyword/csirt/)
+7

In the ACN baseline typology, IS-2 addresses incidents where the entity has evidence of integrity loss involving digital data under its ownership or control. Operationally, teams should confirm unauthorized data alteration, assess external impact, and activate escalation/notification decision flow.

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base), [ACN baseline obligations determination](https://www.acn.gov.it/portale/documents/d/guest/detacn_obblighi_2511-v3_signed)

## Key takeaways

- IS-2 is tied to integrity-loss compromise patterns.
- Qualification requires evidence of incident occurrence.
- The compromise object is digital data owned/controlled by the entity.
- Official typology mapping (condition, compromise, object) should drive decision consistency.

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

## IS-2 qualification model

### 1. Condition

The entity has evidence that a relevant incident occurred.

### 2. Compromise pattern

The compromise corresponds to integrity loss, including unauthorized modification with external impact as described by official guidance.

### 3. Object of compromise

The impacted object is digital data within the entity ownership/control perimeter.

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base), [ACN baseline obligations determination](https://www.acn.gov.it/portale/documents/d/guest/detacn_obblighi_2511-v3_signed)

## Operational handling steps for IS-2

| Step | Control question | Expected output |
| --- | --- | --- |
| Evidence capture | Do we have objective evidence of unauthorized data modification? | Timestamped evidence record |
| Data-impact scope | Which data sets and dependent processes are affected? | Integrity-impact scope statement |
| Escalation decision | Does the case meet significant-incident criteria? | Escalation decision log |
| Notification readiness | Is incident information structured for authority workflow? | Structured incident brief |

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

## 90-day implementation checklist

1. Add IS-2 decision criteria into triage and investigation templates.
2. Standardize evidence collection for integrity-modification events.
3. Define workflow for mapping impacted data and downstream process effects.
4. Run incident drills focused on integrity compromise with external impact.
5. Keep traceable linkage between IS-2 qualification and escalation outcomes.

## FAQ

### Is any data inconsistency automatically IS-2?

No. Qualification depends on official typology criteria and documented incident evidence. Source: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

### What is the relevant incident trigger point?

The trigger is tied to when the entity acquires evidence of the significant incident, as defined in official guidance. Source: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

### Which data perimeter is considered for IS-2?

Digital data owned by the entity or data over which it exercises control, according to baseline definitions. Source: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

### Related guides in this series

- [incident typology model](/en/cms/insights/nis2-incident-typology-model/)
- [incident notification under Article 25](/en/cms/insights/nis2-article-25-incident-notification/)

## Related reading

- [NIS2 Incident Typology Model: Condition, Compromise, and Affected Object](/en/cms/insights/nis2-incident-typology-model/)
- [NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data](/en/cms/insights/nis2-significant-incident-is-1-confidentiality-loss/)
- [NIS2 Significant Incident IS-3: Violation of Expected Service Levels](/en/cms/insights/nis2-significant-incident-is-3-service-level-violation/)
- [Aegister NIS2 Compliance Service](/en/solutions/compliance/nis2/)

## Official sources

- [ACN - Guide to reading baseline specifications](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)
- [ACN - Baseline obligations determination and annexes](https://www.acn.gov.it/portale/documents/d/guest/detacn_obblighi_2511-v3_signed)

Share this post

## Related News

[![NIS2 Significant Incident IS-3: Violation of Expected Service Levels](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-significant-incident-is-3-service-level-violation/)

[NIS2 Significant Incident IS-3: Violation of Expected Service Levels](/en/cms/insights/nis2-significant-incident-is-3-service-level-violation/)

[IS-3 in the ACN baseline model covers service-level violation incidents affecting entity services and activities. Practical guide to qualification, service-impact mapping, and escalation workflow.](/en/cms/insights/nis2-significant-incident-is-3-service-level-violation/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+10

[![NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-significant-incident-is-1-confidentiality-loss/)

[NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data](/en/cms/insights/nis2-significant-incident-is-1-confidentiality-loss/)

[IS-1 in the ACN baseline model covers confidentiality loss affecting digital data under entity ownership or control. Practical guide to qualification, evidence capture, and escalation workflow.](/en/cms/insights/nis2-significant-incident-is-1-confidentiality-loss/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+9

[![NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-point-of-contact-csirt-role-accountability/)

[NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties](/en/cms/insights/nis2-point-of-contact-csirt-role-accountability/)

[NIS2 implementation guidance distinguishes the legal Point of Contact from the operational CSIRT contact role. Practical guide to role formalization, substitute model, competence mapping, and audit-ready evidence.](/en/cms/insights/nis2-point-of-contact-csirt-role-accountability/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+10

### NIS 2 Compliance with Aegister

Complete solutions for NIS 2 Directive compliance: expert consulting, implementation and ongoing support.

[Discover](/en/solutions/compliance/nis2/)