Troubleshooting
What to do when something goes wrong?
Missed the BSI registration deadline — now what?
Deadline missed, fine risk, late registration and BSI communication.
Ransomware attack — what to do immediately under NIS 2
First 24 hours: containment, early warning to BSI (Article 23), crisis communication, payment decision, evidence preservation. What is legally required, what is not.
Phishing incident — is this a significant incident under NIS 2?
When a phishing wave crosses the CIR §11.6 threshold and how the early warning to the BSI looks.
DDoS attack — mitigation and reporting under NIS 2
Detection, mitigation at the ISP, §32 BSIG notification, and post-incident review.
Supplier breached — your own NIS 2 duties
When a supplier breach forces your own early warning, what Article 21(2)(d) requires.
Cloud provider outage — reportable under NIS 2?
When a cloud outage counts as a significant incident and which Article 21(2)(c) steps risk management requires.
Received a BSI request — how to respond
The first §64 BSIG letter: deadlines, cooperation duty, sensible counsel, what not to do.
Data breach — NIS 2 and GDPR in parallel
Two supervisors, two clocks, one investigation: how Article 23 NIS 2 and Article 33 GDPR run in parallel.