← All Countries

Finland

Regulatory reporting authorities for incident notification in Finland.

NCSC-FI

CSIRT — Cyber Incident Response

NIS2 Art. 23 requires essential and important entities to report significant cyber incidents to their national CSIRT.

Regulation: NIS2 Directive 2022/2555, Art. 23
Deadlines: 24h early warning, 72h notification, 1-month final report
Email: cert@traficom.fi
Website: https://www.kyberturvallisuuskeskus.fi/

Tietosuojavaltuutetun toimisto

Data Protection Authority

GDPR Art. 33 requires notification of personal data breaches to the supervisory authority within 72 hours. Art. 34 may require notification to affected data subjects.

Regulation: GDPR (Regulation 2016/679), Art. 33-34
Deadline: 72 hours after becoming aware of the breach
Email: tietosuoja@om.fi
Website: https://tietosuoja.fi/

Finanssivalvonta (FIN-FSA)

Financial Supervisory Authority

DORA Art. 19 requires financial entities to report major ICT-related incidents to their competent financial authority.

Regulation: DORA (Regulation 2022/2554), Art. 17-19
Deadline: 4 business hours for major incidents
Email: kirjaamo@finanssivalvonta.fi
Website: https://www.finanssivalvonta.fi/

Track these deadlines automatically

SiteGuardian pre-fills your reporting contacts, tracks NIS2 and GDPR deadlines, and logs every notification step for audit evidence.

Start monitoring free →

Finland

NCSC-FI

Tietosuojavaltuutetun toimisto

Finanssivalvonta (FIN-FSA)

Track these deadlines automatically

Are you sure?