The Department of Homeland Security and the European Commission’s Directorate General for Communications, Networks, Content and Technology have agreed to collaborate on streamlining cyber incident reporting for victim organizations, particularly multinational companies.
In a joint report, DHS and DG CONNECT assessed recommendations from the 2023 DHS Harmonization of Cyber Incident Reporting document and the incident reporting rules in the European Union’s NIS 2 directive to identify the similarities and differences in their processes.
The comparative analysis focuses on definitions and reporting thresholds; timelines, triggers and types of cyber incident reporting; contents of cyber incident reports; reporting mechanisms; aggregation of incident data; and public disclosure of cyber incident information.
The initiative is expected to help reduce the administrative burden on reporting entities. Robert Silvers, DHS undersecretary for strategy, policy and plans and Wash100 winner, highlighted the need to harmonize domestic incident reporting rules with those of U.S. partners, noting the requirement for multinational companies to report incidents to numerous governments.
In the coming months, DHS and DG CONNECT will work to implement mandatory reporting regimes that will align agencies’ reporting requirements.
In 2025, the partnership will focus on cybersecurity incident taxonomies, reporting templates and the content of reports and formats, among other technical aspects of cyber incident reporting.
The collaboration was established after DHS Secretary Alejandro Mayorkas and European Commissioner for Internal Market Thierry Breton made a commitment to strengthen cooperation between the United States and the EU in the field of cyber resilience.