Erwägungsgrund 32

The duration of an incident should be measured from the disruption of the proper provision of the service in terms of availability, authenticity, integrity or confidentiality until the time of recovery. Where a relevant entity is unable to determine the moment when the disruption began, the duration of the incident should be measured from the moment the incident was detected, or from the moment when the incident was recorded in network or system logs or other data sources, whichever is earlier.

Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!