Under the NIS Regulations, Operators of Essential Service must report an incident which has a significant impact on the continuity of the essential service that they provide.

This could be a cyber or non-cyber (resilience) incident and must be reported without undue delay, and in any event within 72 hours of becoming aware of the incident.

An incident reporting form must be completed outlining the nature of the incident as part of the reporting process and emailed to nis.incident@finance-ni.gov.uk

Do not submit any sensitive information over email.

Before submitting sensitive security information to the Compliance and Enforcement Team please contact us to receive secure handling instructions to transfer this information.

Post Incident Review

The NIS Competent Authority will continually assess the incident with input from the OES on a regular basis. As part of this assessment the NIS Competent Authority will endeavour to gauge if there are any grounds for enforcement action to be taken.


Back to top