--- title: NIS 2 Incident Notification - AI-Powered Workflow description: "Manage and report security incidents according to the NIS 2 Directive with Aegister's AI-powered workflow. CSIRT integration, automatic compilation and notification phase management." canonical: https://www.aegister.com/en/solutions/compliance/nis2/incident-notification/ url: /en/solutions/compliance/nis2/incident-notification/ lang: en --- ![](/static/images/header.webp) # NIS 2 Incident Notification AI-powered workflow for managing and reporting security incidents according to the NIS 2 Directive. ## 8 steps from incident to notification A complete and automated workflow to manage every security incident, from detection to closure. 01 ### Ingestion Automatic alert reception from SIEM, XDR, EDR and other monitoring systems. 02 ### AI Analysis Automatic incident classification with artificial intelligence and event correlation. 03 ### CIA Assessment Impact analysis on Confidentiality, Integrity and Availability of systems. 04 ### IOC Enrichment Automatic enrichment of indicators of compromise with threat intelligence. 05 ### ACN Auto-fill Automatic completion of ACN notification forms with collected data. 06 ### Review Review and approval of the report by the security team before submission. 07 ### Phase Management Management of notification phases: early warning, detailed report and final report. 08 ### Submit & Archive Notification submission to CSIRT and complete archiving for audit and compliance. --- ## NIS 2 notification timeline The NIS 2 Directive imposes precise timelines for incident notification to CSIRT. Aegister automates every phase. 24h ### Early Warning Preliminary notification to CSIRT within 24 hours of significant incident detection. 72h ### Detailed Report Update with initial assessment, severity, impact and indicators of compromise. 1m ### Final Report Conclusive report with root cause analysis, mitigation measures adopted and lessons learned. --- ## ACN incident taxonomy Automatic classification according to the National Cybersecurity Agency taxonomy. BC Abusive Content TT Threat Type TA Threat Actor AC Attack Class ### Significance flags IS\_1 — Confidentiality loss IS\_2 — Integrity loss IS\_3 — Service level violation IS\_4 — Impact on other entities --- ## Integrates with your tools SIEM XDR EDR SOAR Request a Demo [Contact us](/en/contact/) --- ## Incident Notification Insights Guides and insights on security incident management and NIS 2 notification obligations. [![ACN NIS Platform Roles, Access, and User Association](/static/images/cms/nis2-piano-implementazione-18-mesi.webp) 15 Apr 2026 ### ACN NIS Platform Roles, Access, and User Association The ACN platform determination defines a governed role model for NIS compliance: point of contact, substitute, CSIRT contact, segreteria, and operator. Authentication is via personal CIE/SPID, and association to the subject is validated through the digital domicile.](/en/cms/insights/acn-nis-platform-roles-access-user-association/) [![New NIS Subjects in 2026: Incident-Notification and Baseline-Measure Deadlines](/static/images/cms/nis-registrazione-2026-scadenza.webp) 14 Apr 2026 ### New NIS Subjects in 2026: Incident-Notification and Baseline-Measure Deadlines The ACN 2026 timing determination sets a distinct implementation path for entities first listed in the Italian NIS perimeter during 2026: significant-incident notification starts on 1 January 2027 and baseline security measures must be adopted by 31 July 2027.](/en/cms/insights/new-nis-subjects-2026-incident-notification-deadlines/) [![ACN Adopts Incident Taxonomy Under Law 90/2024: What Obligated Entities Must Do Now](/static/images/cms/acn-tassonomia-incidenti-legge-90.webp) 20 Feb 2026 ### ACN Adopts Incident Taxonomy Under Law 90/2024: What Obligated Entities Must Do Now ACN adopted the incident taxonomy under Law 90/2024 via the Determina of 9 February 2026. Obligated entities must now report incidents within 24 hours and notify within 72 hours based on Allegato A classifications.](/en/cms/insights/acn-incident-taxonomy-law-90-2024/) [![NIS2 Incident Management Documentation Review: Method, Gaps, and Remediation Priorities](/static/images/cms/compliance-documentation-audit-nis2.webp) 19 Feb 2026 ### NIS2 Incident Management Documentation Review: Method, Gaps, and Remediation Priorities Practical review model for NIS2 incident-management documentation covering process integrity, notification readiness, role accountability, and crisis-recovery integration.](/en/cms/insights/nis2-incident-management-documentation-review-method/) [![NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties](/static/images/cms/nis2-requisiti-di-base.webp) 18 Feb 2026 ### NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties NIS2 implementation guidance distinguishes the legal Point of Contact from the operational CSIRT contact role. Practical guide to role formalization, substitute model, competence mapping, and audit-ready evidence.](/en/cms/insights/nis2-point-of-contact-csirt-role-accountability/) [![NIS2 Significant Incident IS-3: Violation of Expected Service Levels](/static/images/cms/nis2-requisiti-di-base.webp) 13 Feb 2026 ### NIS2 Significant Incident IS-3: Violation of Expected Service Levels IS-3 in the ACN baseline model covers service-level violation incidents affecting entity services and activities. Practical guide to qualification, service-impact mapping, and escalation workflow.](/en/cms/insights/nis2-significant-incident-is-3-service-level-violation/) [View all Incident Notification articles →](/en/cms/keyword/incident-notification/)