Romanian Cyber Security Journal / Fall 2025, No. 2, Vol. 7

NIS 2 Reporting Obligations: Achieving compliance with a SIEM

Cosmin-Matei MĂCĂNEAȚĂ

---

Abstract

This paper examines how organizations can meet the reporting obligations imposed by the NIS 2 Directive (EU 2022/2555) through the deployment of Security Information and Event Management (SIEM) capabilities. Using a qualitative comparative analysis of the Directive’s requirements and current operational guidance, complemented by sector-specific evidence from the energy and healthcare domains, the study identifies how real-time monitoring, structured logging, and staged notifications support compliance with Articles 21 and 23 of the Directive. The analysis draws on the legal text of NIS 2 (European Commission, 2023) and recent guidance and threat-landscape reporting from ENISA (2024; 2025) and CERT-EU (2024) to demonstrate how SIEM-enabled detection, consolidation of evidence, and audit-ready reporting align with the Directive’s early-warning (24 hours), incident-notification (72 hours), and final-report (one month) requirements. The paper contributes a practical mapping between regulatory obligations and technical processes that organizations can replicate across essential and important entities.

Keywords

NIS 2 Directive, Cyber risk, ENISA, EU Regulation, Incident reporting, Cybersecurity, SIEM, Security measure