Network Incidents

Section 11 (1) of the Communications Regulation and Digital Hub Development Agency (Amendment) Act 2023, (No. 4 of 2023) (“the Act of 2023”), requires providers to notify ComReg of any security incident that has had or is having a significant impact on the operation of the provider’s Electronic Communications Networks or Services (“ECN” or “ECS”). Providers should note:

• ComReg document (24/23) contains Decision Instrument D08/24 which sets out how providers must report significant security incidents to ComReg.
• Providers should report incidents through the e-licensing Incident Reporting Portal.
• More details on how to register and use the reporting Portal can be found from here.

In 2024, ComReg published ComReg document (24/23) (Network Incident Reporting Thresholds), which replaces ComReg document 14/02, taking into account:

• the Act of 2023,
• the European Union (Electronic Communications Code) Regulations 2022, S.I. No. 444 of 2022, the Regulations of 2022, and;
• the ENISA Revised Guidelines on Incident Reporting under the EECC published in 2021.

Under section 11(9) of the Act of 2023, ComReg shall in each year submit a summary report to the Minister, the European Commission and ENISA on the notifications of security incidents received and the actions taken by ComReg in accordance with section 11 of the Act of 2023.

Management of a security incident is the responsibility of the provider concerned, calling upon resources as appropriate to assist in the efficient handling of the issue. In some circumstances this may include a provider requesting the support of ComReg, for example to assist in its coordination of the incident response with other parties such as other interconnected providers.

In case of issues using the portal, and for further questions, please contact ComReg via the following dedicated e-mail (incident@comreg.ie).