For the purpose of the notification under sub-article (1), the entities concerned shall submit to the CSIRT:

(a) without undue delay and in any event within twenty-four (24) hours of becoming aware of the incident, an early warning, which, where applicable, shall indicate whether the significant incident is suspected of being caused by unlawful or malicious acts or could have a cross-border impact;

(b) without undue delay and in any event within seventy-two (72) hours of becoming aware of the significant incident, an incident notification, which, where applicable, shall update the information referred to in paragraph (a) and indicate an initial assessment of the significant incident, including its severity and impact, as well as, where available, the indicators of compromise;

(c) upon request by a CSIRT, an interim report on relevant status updates;

(d) a final report no later than one (1) month after the submission of the incident notification under sub-article (5)(b) which shall include the following:

(i) a detailed description of the incident, including its severity and impact;

(ii) the type of threat or root cause that is likely to have triggered the incident;

(iii) applied and ongoing mitigation measures;

(iv) where applicable, the cross-border impact of the incident;

(e) in the event of an ongoing incident at the time of the submission of the final report referred to in paragraph (d), the entities concerned shall provide the CSIRT with a progress report at that time and a final report within one (1) month of their having handled the incident.