What is NIS2 and why is it relevant?
The reporting obligation under NIS2
Under NIS2, significant cyber incidents must be reported without undue delay, and no later than 24 hours after the incident is discovered. This is followed by an update within 72 hours and a full final report within one month. These tight deadlines require well-organised workflows and quick decision-making.
When is an incident significant?
Not every incident falls under the NIS2 reporting obligation. An incident is considered significant when it:
- Leads to serious disruption of services or financial damage to the organisation; or
- Has consequences, both tangible and intangible, for third parties such as customers or partners.
It is important to note that the impact does not have to have fully materialised yet: imminent or potential damage also falls under the definition. Article 23(3) of the NIS2 Directive deliberately uses a broad definition, so that organisations themselves must assess which incidents are reportable. This room for interpretation means that a structured and consistent approach is crucial for timely and accurate reporting.
Freshservice: practical and compliant incident management
Freshservice helps organisations to implement the NIS2 reporting obligation in a practical way. With this tool, you can:
- Automatically register incidents and forward them to the appropriate person responsible
- Set up escalations and reporting rules to meet 24/72-hour deadlines
- Automate workflows and record notifications and updates
- Generate clear reports and dashboards for audits and regulators
This makes incident management efficient, structured and demonstrably compliant.
Your partner in NIS2 compliance
For a leading company in the technology and infrastructure sector, for example, we have set up a workflow whereby incidents are reported within 24 hours, an initial update is provided within 72 hours, and a full final report is available within one month. All reports are automatically sent to the security officer and recorded in a synchronised ticket list.
In addition, we offer guidance and training so that your team can manage and optimise the processes and demonstrate compliance.
From ad hoc to demonstrable control
The reporting obligation under NIS2 requires more than a reactive attitude. It requires:
✅ Proactive monitoring
✅ Clear impact assessment
✅ Demonstrable decision-making
✅ Accountability throughout the chain
By working with a solid incident response plan, clear internal roles and processes, and tooling such as Freshservice, you not only comply with NIS2 guidelines, but also increase digital resilience and trust among customers and regulators. And above all, you are prepared, because 24 hours is very short.
Would you like to set up incident management within the framework of NIS2, or find out how to integrate this into your Freshservice environment? Feel free to contact us.
Gorilla Services is happy to help!