Comparative Assessment of the DHS Harmonization of Cyber Incident Reporting to the Federal Government Report and the Rules on Incident Reporting in the NIS 2 Directive

To inform the ongoing implementation of Cyber Incident Reporting for Critical Infrastructure Act of 2022 and the EU Directive on a High Level of Cybersecurity Across the Union (NIS 2 Directive) by the respective authorities and to support entities active in multiple jurisdictions in their efforts to respond to cyber incidents, the Department of Homeland Security (DHS) and the European Commission's DG CONNECT are publishing the present joint report that identifies the main similarities and divergences.

For the purpose of this comparison exercise, DHS and DG CONNECT identified six main areas for comparative analysis between the DHS Report and the NIS 2 Directive: (i) definitions and reporting thresholds, (ii) timelines, triggers and types of cyber incident reporting, (iii) contents of cyber incident reports, (iv) reporting mechanisms, (v) aggregation of incident data, and (vi) public disclosure of cyber incident information. Each of the six areas of comparative analysis includes a schematic comparison of the frameworks that adheres to the actual texts, followed by general conclusions on similarities and differences.

Downloads

Comparative Assessment of the DHS Harmonization of Cyber Incident Reporting to the Federal Government Report and the Rules on Incident Reporting in the NIS 2 Directive

Download

Comparative Assessment of the DHS Harmonization of Cyber Incident Reporting to the Federal Government Report and the Rules on Incident Reporting in the NIS 2 Directive

Downloads

Related content

Last update