The organization informs the authority (CNCS) without undue delay about any incident that has a significant impact on the provision of its services (a "significant incident").

A significant incident is one where at least one of the following occurs:

• affects a substantial number of users or has a significant duration
• causes serious disruption of services or financial loss; or
• results in significant material or immaterial harm to individuals or other organizations.

Notifications are to be done step by step according to the descriptions below.

Initial notification (at the latest within 24 hours of detecting the disruption)

• contact details: name, telephone number, and email of a representative (if different from the permanent contact point)
• date/time of incident's start or detection
• brief incident description (cause category and effects, per CNCS taxonomy).
• estimated impact:
  • number of users affected,
  • duration of the incident
  • geographical scope (possible cross-border effects)

Notification of the end of impact (within 24 hours of the end of the impact)

• updates to the initial notification
• a brief description of the measures taken to resolve the incident
• current impact details: users affected, duration, geographical scope, and estimated full recovery time

Final report (at the latest within 1 month of the initial report)

• dates and times when the incident gained and lost significant impact
• full incident description (cause category and effects, per CNCS taxonomy)
• comprehensive impact analysis:
  • number of users affected, duration, and geographical distribution (including potential cross-border effects)
  • applied and ongoing mitigation measures
  • residual impact as of the report date
  • estimated time for complete recovery
  • any notifications submitted to other authorities (e.g., Public Prosecutor, CNPD)

Interim reports (if requested)

If the incident continues after the final report deadline, weekly interim reports must be submitted to CNCS upon request. Each report should include:

• updates to prior information
• measures taken since the last update
• current impact status (users affected, duration, geographical scope, recovery estimate)

Notifications must be submitted electronically through the platform provided by the CNCS.