Guides

Your AI agent caused a security incident. Your NIS2 report is due in 24 hours.

Neon sign reading 24 HRS above a doorway at night, a reminder of the NIS2 early-warning deadline
24H → 72H → 1 MONTHBSI · GDPR · AI ACTPhoto by Erik Mclean on Unsplash

Get the research

New teardowns on agent & NHI security, in your inbox.

Monday morning, 7:43 am: over the weekend your AI agent autonomously synced customer data into the wrong system, or was tricked via prompt injection into leaking credentials. The first question is no longer just "how do we stop this?" but also: "is our 24-hour clock already running?"

The answer will surprise many: yes, very likely. Since Germany's NIS2 implementation act (NIS2UmsuCG) came into force in December 2025, roughly 29,000 essential and important entities are subject to a three-stage reporting obligation to the BSI, and it does not care whether a human, a piece of malware or your own AI agent caused the incident. This post covers when an AI agent incident is reportable, what the reporting path looks like in practice, and why your incident response process needs an "agentic AI" chapter now.

Short answer

  • Yes, an AI agent incident is NIS2-reportable if your company falls under NIS2 and the incident is significant.
  • The obligation is cause-neutral: what counts is the impact (service disruption, financial damage, data exfiltration), not the perpetrator.
  • An agent that causes a breach (misconfiguration, autonomous error) or enables one (compromised agent identity, prompt injection) triggers the same deadlines as any ransomware attack.
  • The clock: early warning in 24 hours, follow-up in 72 hours, final report after one month.

The three NIS2 reporting deadlines at a glance

StageDeadlineContentRecipient
Early warning24h after awarenessSuspicion, whether intentional/unlawful, possible cross-border impactBSI (reporting portal)
Follow-up72h after awarenessInitial assessment: severity, impact, indicators of compromise (IoCs)BSI
Final report1 monthDetailed description, root cause, countermeasures, cross-border effectsBSI

Important: the early warning is not a complete analysis. It is a first notification. Many companies report too late because they want to gather "all the facts" first. That is exactly the most expensive mistake: missing the 24-hour deadline risks fines of up to 10 million euros or 2% of global annual revenue. Details on deadlines and reporting paths are available from the BSI and in the practical guides by secjur and Althammer & Kill.

Why AI agents make the reporting obligation harder

Problem 1: when does "awareness" start for an autonomous system?

The clock runs from awareness of the incident. But who is "aware" when an agent misbehaves at 3 am and nobody notices until noon? Without complete agent logging and alerting, your awareness shifts later, but your duty of proof does not. Auditors will ask why your monitoring did not catch the incident earlier.

Problem 2: is it even a "security incident"?

A hallucinating agent that sends out wrong data: quality problem or security incident? The line is blurry. Rule of thumb: as soon as confidentiality, integrity or availability of systems or data is impaired (data exfiltration through a confused-deputy attack, deleted records, blocked services), you are in NIS2 territory. The BSI already warns explicitly that AI agents with extended permissions are the fastest-growing attack surface in enterprise IT.

Problem 3: the forensics gap

For the 72-hour follow-up you need IoCs and a severity assessment. For classic attacks, EDR and SIEM deliver the data. For AI agents you additionally need: complete prompt and response logs, tool-call history, and the credentials and permissions in use at the time of the incident. If you do not log these, you simply cannot fill in the follow-up report credibly.

Problem 4: double and triple reporting duties

An AI agent incident rarely touches NIS2 alone. If personal data is affected, the 72-hour GDPR deadline (Art. 33) to the data protection authority runs in parallel. And from August 2, 2026, the Bundesnetzagentur takes over market surveillance under the EU AI Act: high-risk AI systems then face reporting duties for serious incidents under Art. 73. Three authorities, three deadlines, one incident.

24h early warning · 72h follow-up · 10M€ max fine
The deadline does not ask who caused the incident. Your logging decides whether you can meet it.

Checklist: making your incident response agent-ready

  1. Add AI agents to the incident playbook. Define "agent causes incident" and "agent gets compromised" as distinct scenarios with owners and escalation paths.
  2. Technically secure the moment of awareness. Anomaly alerting on agent behavior, so the 24-hour clock does not run before anyone is looking.
  3. Prepare agent forensics. Store prompt logs, tool calls, credential usage and permission snapshots in an audit-proof way. This is the basis for the 72h follow-up.
  4. Implement and test a kill switch. The first countermeasure in your early warning will read: "agent stopped at XX:XX". That has to take minutes, not hours.
  5. Clarify reporting responsibilities. Who reports to the BSI, who to the data protection authority, who to the Bundesnetzagentur from August 2026? Decide once, rehearse yearly.
  6. Maintain an agent inventory. You can only report what you can attribute. Every agent needs an owner, a purpose and documented permissions; see our guide to non-human identities.
  7. Run a tabletop exercise with an AI scenario. Simulate an agent incident including the report once a year. Under NIS2, management is personally liable; they should practice too.

Frequently asked questions

Do I have to report if a vendor's AI agent caused the incident?

Yes, if your systems or services are affected. NIS2 also holds you responsible for your supply chain. Check whether your contracts cover AI agent usage and the vendor's reporting duties.

Does the reporting obligation apply to internal incidents without an attacker?

Yes. A purely internally caused outage (an agent deleting production data) can be a significant security incident. Intent or external attackers are not a prerequisite.

What happens if I do not report?

Fines up to 10 million euros or 2% of global revenue, personal liability for management, and, in a claims scenario, trouble with your cyber insurance, which increasingly demands evidence of agent governance.

Conclusion: the deadline does not ask who caused the incident

AI agents accelerate your business, and in an emergency they accelerate your reporting duties too. The NIS2 24-hour deadline applies regardless of cause, and with AI Act market surveillance starting in August 2026, regulatory pressure will only grow. Teams that extend their incident response with agent logging, kill switches and clear reporting responsibilities now will report calmly instead of in panic.

Next step: check today whether your incident response playbook contains the words "AI agent" at all. If not, you know what this week looks like. Elmoz gives you the agent inventory and reach map that a credible report is built on.

Keep reading

Sources & further reading

Elmoz · Agent attack surface intelligence Jul 9, 2026