NIS2 Incident Reporting — Article 23 (24h / 72h)
NIS2 Incident Reporting — Article 23 (24h / 72h) — 67% covered.
3 requirements · 2 enforced · 0 designed · 0 advisory · 0 deferred.
Source: The NIS2 Directive (Directive (EU) 2022/2555) requires essential and important entities to notify their CSIRT or competent authority of significant incidents on a staged clock: an early warning within 24 hours, an incident notification within 72 hours, and a final report within one month (Article 23). KYE Protocol™ governs whether an AI-assisted disclosure-timing decision / containment action under NIS2 may PROCEED to a consequential incident action — under a named accountable officer's authority, with chain-of-custody recorded, and a contestability record so the timing decision can be reconstructed and challenged. KYE does not detect the incident, run the security stack, or determine the technical impact. · License: NIS2 is an EU directive published in the Official Journal of the European Union; KYE registry paraphrases each requirement's intent and cites the official article identifier for mapping purposes only.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Disclosure-timing authority on the 24h / 72h notification clock | 1 | 1 | 0 | 0 | 0 | 100% |
| Incident-evidence chain-of-custody for the notification | 1 | 1 | 0 | 0 | 0 | 100% |
| Incident detection & impact analysis | 1 | 0 | 0 | 0 | 0 | 0% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
nis2-incident.notification-clock-authority |
The 24h / 72h notification-clock decision proceeds only under a recorded named-authority decision | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1engines: internal, internalrule_packs: kye:rule-pack:cyber-resilience-incidentdictionaries: internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
nis2-incident.notification-evidence-custody |
Incident evidence backing a NIS2 notification proceeds only with a recorded chain-of-custody, contestable in a competent-authority review | enforced | audit_events: kye.evidence.decision_map.v1, kye.evidence.pack.v1, kye.replay.context_seal.v1engines: internal, internalrule_packs: kye:rule-pack:cyber-resilience-incidentconstitution_refs: constitution/13-RESILIENCE-LOOP.md, constitution/21-DELEGATED-AUDITABILITY.md |
nis2-incident.detection-impact-analysis |
Incident detection and impact analysis | out-of-scope | (no enforcement cited) |