← All Countries

Bulgaria

Regulatory reporting authorities for incident notification in Bulgaria.

CERT Bulgaria

CSIRT — Cyber Incident Response

NIS2 Art. 23 requires essential and important entities to report significant cyber incidents to their national CSIRT.

Regulation: NIS2 Directive 2022/2555, Art. 23
Deadlines: 24h early warning, 72h notification, 1-month final report
Email: cert@govcert.bg
Website: https://govcert.bg/

Commission for Personal Data Protection

Data Protection Authority

GDPR Art. 33 requires notification of personal data breaches to the supervisory authority within 72 hours. Art. 34 may require notification to affected data subjects.

Regulation: GDPR (Regulation 2016/679), Art. 33-34
Deadline: 72 hours after becoming aware of the breach
Email: kzld@cpdp.bg
Website: https://www.cpdp.bg/

No DORA financial supervisor listed for Bulgaria. DORA applies only to EU financial entities.

Communications Regulation Commission

Digital Services Coordinator (DSA)

The Digital Services Act (Regulation 2022/2065) requires each Member State to designate a Digital Services Coordinator to oversee intermediary services and online platforms.

Regulation: DSA (Regulation 2022/2065), Art. 49
Scope: Intermediary services, hosting, online platforms
Website: https://www.crc.bg

Track these deadlines automatically

SiteGuardian pre-fills your reporting contacts, tracks NIS2 and GDPR deadlines, and logs every notification step for audit evidence.

Start monitoring free →

Bulgaria

CERT Bulgaria

Commission for Personal Data Protection

Communications Regulation Commission

Track these deadlines automatically

Are you sure?