NIS 2 Incident Notification
AI-powered workflow for managing and reporting security incidents according to the NIS 2 Directive.
8 steps from incident to notification
A complete and automated workflow to manage every security incident, from detection to closure.
Ingestion
Automatic alert reception from SIEM, XDR, EDR and other monitoring systems.
AI Analysis
Automatic incident classification with artificial intelligence and event correlation.
CIA Assessment
Impact analysis on Confidentiality, Integrity and Availability of systems.
IOC Enrichment
Automatic enrichment of indicators of compromise with threat intelligence.
ACN Auto-fill
Automatic completion of ACN notification forms with collected data.
Review
Review and approval of the report by the security team before submission.
Phase Management
Management of notification phases: early warning, detailed report and final report.
Submit & Archive
Notification submission to CSIRT and complete archiving for audit and compliance.
NIS 2 notification timeline
The NIS 2 Directive imposes precise timelines for incident notification to CSIRT. Aegister automates every phase.
Early Warning
Preliminary notification to CSIRT within 24 hours of significant incident detection.
Detailed Report
Update with initial assessment, severity, impact and indicators of compromise.
Final Report
Conclusive report with root cause analysis, mitigation measures adopted and lessons learned.
ACN incident taxonomy
Automatic classification according to the National Cybersecurity Agency taxonomy.
Abusive Content
Threat Type
Threat Actor
Attack Class
Significance flags
Delivered through Aegister Cyber Console
The Incident Notification workflow is integrated into Aegister Cyber Console, alongside controls, remediation tasks, and audit-ready documentation for NIS 2 and ISO/IEC 27001.
Explore the platformIncident Notification Insights
Guides and insights on security incident management and NIS 2 notification obligations.
15 Apr 2026
ACN NIS Platform Roles, Access, and User Association
The ACN platform determination defines a governed role model for NIS compliance: point of contact, substitute, CSIRT contact, segreteria, and operator. Authentication is via personal CIE/SPID, and association to the subject is validated through the digital domicile.
14 Apr 2026
New NIS Subjects in 2026: Incident-Notification and Baseline-Measure Deadlines
The ACN 2026 timing determination sets a distinct implementation path for entities first listed in the Italian NIS perimeter during 2026: significant-incident notification starts on 1 January 2027 and baseline security measures must be adopted by 31 July 2027.
20 Feb 2026
ACN Adopts Incident Taxonomy Under Law 90/2024: What Obligated Entities Must Do Now
ACN adopted the incident taxonomy under Law 90/2024 via the Determina of 9 February 2026. Obligated entities must now report incidents within 24 hours and notify within 72 hours based on Allegato A classifications.
19 Feb 2026
NIS2 Incident Management Documentation Review: Method, Gaps, and Remediation Priorities
Practical review model for NIS2 incident-management documentation covering process integrity, notification readiness, role accountability, and crisis-recovery integration.
18 Feb 2026
NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties
NIS2 implementation guidance distinguishes the legal Point of Contact from the operational CSIRT contact role. Practical guide to role formalization, substitute model, competence mapping, and audit-ready evidence.
13 Feb 2026
NIS2 Significant Incident IS-3: Violation of Expected Service Levels
IS-3 in the ACN baseline model covers service-level violation incidents affecting entity services and activities. Practical guide to qualification, service-impact mapping, and escalation workflow.