NIS2 · ARTICLE 23 · EU

NIS2 is already live.
Your detection evidence
cannot be improvised later.

Vantuz helps companies create high-confidence breach signals, response evidence and incident dossiers before the 24-hour reporting clock becomes a board problem.

FILE № 01 · THE LAW

What Article 23
actually demands.

NIS2, the EU's Network and Information Security directive, has applied since October 2024. Article 23 requires in-scope organisations to submit an early warning within 24 hours after becoming aware of a significant incident.

The practical problem is simple: if your company cannot create trustworthy detection evidence, you cannot confidently decide whether the notification clock has started.

The directive reaches essential and important entities across Europe, including many digital providers, managed service providers, cloud services and mid-market companies operating in regulated sectors.

24h
early-warning window
18
covered sector groups
2024
NIS2 applicability
FILE № 02 · MAPPING

Requirement, covered.

How NIS2 incident-readiness maps onto Vantuz capabilities. Vantuz supports the evidence workflow; your organisation and advisers still decide what is legally reportable.

NIS2 requirement
How Vantuz covers it
01
Become aware of significant incidents quickly
Honeytokens create high-confidence breach signals when touched.
02
Document evidence and timeline
Automated incident timeline, attacker context and audit trail.
03
Assess Article 23 notification duties
Incident dossier helps your team decide what must be reported.
04
Show risk management and response measures
Hardening plans, suggested traps and controlled response actions.
FILE № 03 · DOSSIER

What's in the
compliance PDF.

One file. Auto-generated. Built for internal security review, board updates and legal/compliance assessment.

VTZ-2026-05-12-7714.pdf
● READY
NIS2, Article 23 incident dossier
────────────────────────────────────
Filed by : Vantuz · tenant eu-prod-04
Filed at : 2026-05-12T14:33:12Z
Authority : CNCS (PT) · authority-eu pending
Severity : high · score 0.97
Actor : autonomous-agent
Contained : iam.revoke · cf.block
────────────────────────────────────
✓ evidence-ready · sha256 e3b0c44…
01
Attacker IP + geolocation
ASN, country, residential vs. datacenter, TOR exit flag.
02
Attack timestamp
UTC + your local TZ, sub-second precision.
03
Honeytoken triggered
Which primitive, where it was planted, when.
04
Risk score
Deterministic 0-100, with the breakdown of each input.
05
MITRE techniques
Full ATT&CK chain, tactic + technique IDs.
06
Containment actions
Every action Vantuz executed, with timestamps and return codes.
07
Evidence chain
Hash-chained event log, suitable for legal review.
FILE № 04 · SCOPE

Who's in scope.

NIS2 covers essential and important sectors. In many cases, medium-sized and larger organisations in these sectors are in scope; exact obligations depend on national transposition and your legal classification.

01
Energy
Electricity, gas, oil, district heating
02
Transport
Air, rail, road, water
03
Banking
Credit institutions
04
Financial markets
Trading venues, central counterparties
05
Healthcare
Hospitals, labs, manufacturers of devices
06
Drinking water
Supply and distribution
07
Digital infrastructure
DNS, TLD registries, IXPs, data centres
08
ICT service mgmt.
MSPs, MSSPs
09
Public administration
Central + regional government
10
Cloud services
IaaS, PaaS, SaaS at scale
FILE № 05 · DEPLOY

Create detection evidence
before an incident forces the issue.

Start free Talk to compliance
EU core data plane · NIS2 incident-ready · No agent on your network