NIS2 Incident Response Planner
Define your team roles, P1/P2/P3 severity criteria, and NIS2 reporting triggers. The output is a print-ready quick reference card for your incident response team.
This planner helps you build a NIS2-compliant incident response quick reference card. Fill in your team roles and severity levels and you get a card your team can use on the day.
Step 1: Assign team roles
Name the person responsible for each role in an incident.
Step 2: Define severity levels
Set P1/P2/P3 criteria specific to your organisation.
Step 3: Get your card
Review your complete IR quick reference, ready to print.
Find out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
NIS2 Article 21(2)(b): What is Required?
Article 21(2)(b) of the NIS2 Directive requires formal incident handling plans covering detection, containment, eradication, recovery, and post-incident review.
The plan must include escalation paths and classification criteria tied to the NIS2 reporting obligation under Article 23: early warning within 24 hours, full notification within 72 hours, and a final report within 1 month.
What Counts as a Significant Incident?
Not every incident triggers NIS2 reporting. An incident is significant if it meets at least one of the following criteria:
- Considerable disruption of the services provided or financial loss for the entity
- Impact on other natural or legal persons by causing considerable material or non-material damage
- Unauthorised access to the network and information systems
- Incidents affecting a significant number of users or critical operations