Incident management with control
The Cybersecurity Act requires significant incidents to be reported to the authority within tight deadlines. Securapilot incident management keeps track of all four reports — from early warning to final report — with automatic deadlines.
The reporting obligation — a requirement you cannot miss
Essential and important entities covered by the Cybersecurity Act must report significant incidents to the authority. Deadlines are short, several reports are required and the content requirements are specific. A missed step can mean administrative fines.
Securapilot incident management calculates the deadlines for you, sends reminders in advance and logs every report to IRON.
What the law requires of you
The Cybersecurity Act and MCFFS 2026:8 set concrete requirements for how significant incidents must be handled and reported.
Early warning within 24 hours
An initial early warning must be submitted to the authority within 24 hours of the incident being detected.
Incident notification within 72 hours
A more detailed incident notification must be submitted within 72 hours of detection.
Final report within 1 month
A final report must be submitted no later than one month after the first reporting occasion.
Materiality assessment
Every incident must be assessed against the law's thresholds to determine whether it is a significant incident.
Duty to inform
Service recipients must, where appropriate, be informed of significant incidents and cyber threats.
Reporting to IRON
Reports are submitted to the authority via the IRON reporting portal, and where applicable also to the CSIRT and supervisory authority.
Four report types, automatic deadlines
Securapilot calculates the deadline for each report automatically — based on when the incident was detected and when the first report was submitted.
Early warning
Counted from
Detection
The first signal to the authority that a significant incident has occurred.
Incident notification
Counted from
Detection
Detailed notification covering the incident's nature, impact and the actions taken.
Progress report
Counted from
Request by the authority
An update on the incident's development when the authority asks for it.
Final report
Counted from
First reporting occasion
Final account of the incident, root cause and the measures carried out.
How the module helps you report correctly
Six capabilities that ensure all four reports (24 h, 72 h, 1 month, progress report) are completed on time.
Guided incident registration
A step-by-step wizard collects basic details, classification and impact with a structured consequence analysis.
Decides whether the incident must be reported
The system weighs the incident's impact against the legal thresholds and decides whether it is a significant incident that must be reported.
Works out every deadline for you
Deadlines for 24 h, 72 h and the final report are worked out automatically from when the incident was detected and when the first report was submitted.
Reminders in advance
Reminders are sent at three levels via email and in-app as a deadline approaches or has passed.
Completeness check
A report cannot be submitted until every mandatory field for the report type is filled in.
Export in MCF's reporting format
The report is exported as a structured PDF matching the fields in MCF's reporting portal (IRON) — paste in the answers and send.
Link to a GDPR breach
If personal data is affected, a linked personal data breach can be created automatically in the GDPR module for dual reporting.
Every action is logged
Every action is logged with user, time and change — the whole handling can be reconstructed afterwards.
The full incident lifecycle in one place
The incident follows a clear status chain that mirrors the phases of incident handling.
Frequently asked questions about incident management
What deadlines apply to incident reporting under NIS2?
An early warning must be submitted within 24 hours of detection, an incident notification within 72 hours and a final report no later than one month after the first reporting occasion. Securapilot calculates all deadlines automatically.
How do we know whether an incident is a significant incident?
Securapilot automatically assesses every incident against the thresholds in the Cybersecurity Act and MCFFS 2026:8 — duration of disruption, number of affected service recipients, financial damage and several qualitative criteria. The assessment is made authoritatively on the server at submission.
Where are the reports sent?
Reports are submitted to the Swedish Civil Defence authority (MCF) via the IRON reporting portal. Securapilot generates a structured PDF that simplifies the transfer. Where applicable, reports are also sent to the CSIRT (CERT-SE) and the relevant supervisory authority.
What happens if the incident also involves personal data?
A linked personal data breach can then be created automatically in the GDPR module. The NIS2 incident and the GDPR notification each have their own reporting path and deadlines — NIS2 to MCF, GDPR to the data protection authority within 72 hours.
Take control of your incident reporting
Book a demo and we'll show you how Securapilot helps you handle and report incidents correctly and on time.
Related modules
Build a complete management system by combining modules that work together.