Report a security incident (NIS notification obligation)
Essential critical infrastructure operators and service providers must notify any security incidents in their network and information systems to the authorities.
Use this form to report a security incident referred to in the EU Network and Information Security Directive to the supervisory authority in your sector. You can also submit a voluntary notification on the incident to us (NCSC-FI).
Critical infrastructure providers and essential digital service providers are obliged to report security incidents to the supervisory authority in their sector.
The notification obligation applies to:
You can also submit a voluntary incident report to us (NCSC-FI) to receive our assistance and be able to resolve the incident and share information within a trust network.
We request official reports from the supervisory authorities once a year and provide them to the EU. The NCSC-FI coordinates national and international cooperation and acts as the single point of contact in Finland in information exchanges between EU countries.