---
title: "NIS2 Incident IS-3: Service Level Violation"
description: "NIS2 significant incident type IS-3: service level violation. When degraded performance triggers notification obligations and how to assess impact thresholds."
canonical: https://www.aegister.com/en/cms/insights/nis2-significant-incident-is-3-service-level-violation/
url: /en/cms/insights/nis2-significant-incident-is-3-service-level-violation/
lang: en
---

![](/static/images/header-contact.webp)

# NIS2 Significant Incident IS-3: Violation of Expected Service Levels

---

![NIS2 Significant Incident IS-3: Violation of Expected Service Levels](/static/images/cms/nis2-requisiti-di-base.webp)

## NIS2 Significant Incident IS-3: Violation of Expected Service Levels

February 13, 2026

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
[compliance](/en/cms/keyword/compliance/)
[CSIRT](/en/cms/keyword/csirt/)
+8

In the ACN baseline model, IS-3 covers incidents where the entity has evidence of expected service-level violation. Unlike IS-1 and IS-2, the affected object in IS-3 is the entity’s services or activities, not digital data as a primary object.

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base), [ACN baseline obligations determination](https://www.acn.gov.it/portale/documents/d/guest/detacn_obblighi_2511-v3_signed)

## Key takeaways

- IS-3 addresses service-impact scenarios based on expected service levels.
- Qualification starts from evidence of incident occurrence.
- Compromise is linked to service-level violation against defined expectations.
- The affected object is service/activity continuity and performance.

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

## IS-3 qualification model

### 1. Condition

The organization has evidence that a relevant incident occurred.

### 2. Compromise pattern

The compromise corresponds to violation of expected service levels defined by the entity’s baseline model.

### 3. Object of compromise

The compromised object is the services and/or activities provided by the NIS entity.

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base), [ACN baseline obligations determination](https://www.acn.gov.it/portale/documents/d/guest/detacn_obblighi_2511-v3_signed)

## Operational handling steps for IS-3

| Step | Control question | Expected output |
| --- | --- | --- |
| Evidence checkpoint | Do we have objective evidence of service-level breach? | Timestamped evidence log |
| Service impact mapping | Which services/activities are below expected levels? | Service-impact statement |
| Escalation decision | Does this meet significant-incident criteria? | Escalation and ownership decision |
| Notification readiness | Are impact facts and timeline structured for reporting? | Structured incident brief |

Sources: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

## 90-day implementation checklist

1. Define and maintain expected service-level references used for IS-3 qualification.
2. Align monitoring and triage workflows to capture service-level breach evidence.
3. Standardize impact analysis templates for service/activity degradation.
4. Run crisis simulations focused on service-level violation scenarios.
5. Keep traceable records linking IS-3 qualification to escalation outcomes.

## FAQ

### Is every service disruption automatically IS-3?

No. Qualification depends on official IS-3 typology criteria and documented incident evidence. Source: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

### What is the key differentiator from IS-1/IS-2?

IS-3 centers on service/activity impact and expected service-level violation, while IS-1/IS-2 primarily concern data compromise patterns. Source: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

### When does timing start for related obligations?

Timing references are tied to the point when the entity has evidence of the significant incident, as defined in official guidance. Source: [ACN baseline reading guide](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)

### Related guides in this series

- [incident typology model](/en/cms/insights/nis2-incident-typology-model/)
- [incident notification under Article 25](/en/cms/insights/nis2-article-25-incident-notification/)

## Related reading

- [NIS2 Incident Typology Model: Condition, Compromise, and Affected Object](/en/cms/insights/nis2-incident-typology-model/)
- [NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data](/en/cms/insights/nis2-significant-incident-is-2-integrity-loss/)
- [NIS2 Recovery Controls (RC): Operational Resilience and Service Restoration](/en/cms/insights/nis2-recovery-rc-operational-resilience/)
- [Aegister NIS2 Compliance Service](/en/solutions/compliance/nis2/)

## Official sources

- [ACN - Guide to reading baseline specifications](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)
- [ACN - Baseline obligations determination and annexes](https://www.acn.gov.it/portale/documents/d/guest/detacn_obblighi_2511-v3_signed)

Share this post

## Related News

[![NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-significant-incident-is-2-integrity-loss/)

[NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data](/en/cms/insights/nis2-significant-incident-is-2-integrity-loss/)

[IS-2 in the ACN baseline model covers integrity loss affecting digital data under entity ownership or control. Practical guide to qualification, evidence capture, and escalation workflow.](/en/cms/insights/nis2-significant-incident-is-2-integrity-loss/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+9

[![NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-significant-incident-is-1-confidentiality-loss/)

[NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data](/en/cms/insights/nis2-significant-incident-is-1-confidentiality-loss/)

[IS-1 in the ACN baseline model covers confidentiality loss affecting digital data under entity ownership or control. Practical guide to qualification, evidence capture, and escalation workflow.](/en/cms/insights/nis2-significant-incident-is-1-confidentiality-loss/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+9

[![NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-point-of-contact-csirt-role-accountability/)

[NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties](/en/cms/insights/nis2-point-of-contact-csirt-role-accountability/)

[NIS2 implementation guidance distinguishes the legal Point of Contact from the operational CSIRT contact role. Practical guide to role formalization, substitute model, competence mapping, and audit-ready evidence.](/en/cms/insights/nis2-point-of-contact-csirt-role-accountability/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+10

### NIS 2 Compliance with Aegister

Complete solutions for NIS 2 Directive compliance: expert consulting, implementation and ongoing support.

[Discover](/en/solutions/compliance/nis2/)