Incident management with control
The Cybersecurity Act requires significant incidents to be reported to the authority within tight deadlines. Securapilot incident management guides you the whole way — from detection to a submitted final report — so nothing is missed.
The reporting obligation — a requirement you cannot miss
Essential and important entities covered by the Cybersecurity Act must report significant incidents to the authority. Deadlines are short, several reports are required and the content requirements are specific. A missed step can mean administrative fines.
Securapilot incident management makes reporting structured, traceable and deadline-driven — so you always stay in control.
What the law requires of you
The Cybersecurity Act and MCFFS 2026:8 set concrete requirements for how significant incidents must be handled and reported.
Early warning within 24 hours
An initial early warning must be submitted to the authority within 24 hours of the incident being detected.
Incident notification within 72 hours
A more detailed incident notification must be submitted within 72 hours of detection.
Final report within 1 month
A final report must be submitted no later than one month after the first reporting occasion.
Materiality assessment
Every incident must be assessed against the law's thresholds to determine whether it is a significant incident.
Duty to inform
Service recipients must, where appropriate, be informed of significant incidents and cyber threats.
Reporting to IRON
Reports are submitted to the authority via the IRON reporting portal, and where applicable also to the CSIRT and supervisory authority.
Four report types, automatic deadlines
Securapilot calculates the deadline for each report automatically — based on when the incident was detected and when the first report was submitted.
Early warning
Counted from
Detection
The first signal to the authority that a significant incident has occurred.
Incident notification
Counted from
Detection
Detailed notification covering the incident's nature, impact and the actions taken.
Progress report
Counted from
Request by the authority
An update on the incident's development when the authority asks for it.
Final report
Counted from
First reporting occasion
Final account of the incident, root cause and the measures carried out.
How the module helps you report correctly
Every part of incident management is built to reduce the risk of errors and missed deadlines.
Guided incident registration
A step-by-step wizard collects basic details, classification and impact with a structured consequence analysis.
Automatic materiality assessment
The system weighs the incident's impact against the law's thresholds and determines whether it is a significant incident.
Automatically calculated deadlines
Deadlines for 24 h, 72 h and the final report are calculated automatically from detection and the first report.
Escalating deadline reminders
Reminders are sent at three levels via email and in-app as a deadline approaches or has passed.
Completeness check
A report cannot be submitted until all mandatory fields for the report type are filled in.
IRON-ready PDF export
The report data is exported as a structured PDF that simplifies the transfer to the authority's IRON portal.
GDPR dual reporting
If personal data is affected, a linked personal data breach can be created automatically in the GDPR module.
Complete audit trail
Every action is logged with user, time and change — the entire process is traceable.
The full incident lifecycle in one place
The incident follows a clear status chain that mirrors the phases of incident handling.
Frequently asked questions about incident management
What deadlines apply to incident reporting under NIS2?
An early warning must be submitted within 24 hours of detection, an incident notification within 72 hours and a final report no later than one month after the first reporting occasion. Securapilot calculates all deadlines automatically.
How do we know whether an incident is a significant incident?
Securapilot automatically assesses every incident against the thresholds in the Cybersecurity Act and MCFFS 2026:8 — duration of disruption, number of affected service recipients, financial damage and several qualitative criteria. The assessment is made authoritatively on the server at submission.
Where are the reports sent?
Reports are submitted to the Swedish Civil Defence authority (MCF) via the IRON reporting portal. Securapilot generates a structured PDF that simplifies the transfer. Where applicable, reports are also sent to the CSIRT (CERT-SE) and the relevant supervisory authority.
What happens if the incident also involves personal data?
A linked personal data breach can then be created automatically in the GDPR module. The NIS2 incident and the GDPR notification each have their own reporting path and deadlines — NIS2 to MCF, GDPR to the data protection authority within 72 hours.
Take control of your incident reporting
Book a demo and we'll show you how Securapilot helps you handle and report incidents correctly and on time.
Related modules
Build a complete management system by combining modules that work together.