Luxembourg launches SERIMA portal: companies will be able to report digital incidents centrally

Luxembourg companies subject to NIS, RGPD and other directives have a new tool at their disposal - a centralised notification portal integrated into the SERIMA (SEcurity RIsk MAnagement) platform. From now on, companies will be able to report all incidents related to cyber threats and data breaches directly to the relevant state authorities via a single portal.

Previously, operators were required to contact different regulators separately - now everything is simplified. Companies can fulfil their notification obligations through a single interface:

• RGPD (General Data Protection Regulation),
• NIS1 directives (security of networks and information systems),
• CCEE (Critical Economic Sectors),
• and subsequently NIS2 and CER (new pan-European regulations for key infrastructure operators).

The platform was developed in partnership between the Institute of Regulation (ILR) and Luxembourg House of Cybersecurity (LHC), with the participation of the CNPD (National Data Protection Commission) and HCPN (High Commissariat for National Security).

Initially, the portal covers NIS1 and CCEE. With the entry into force of the new NIS2 and CER directives and the extension of functions for the RGPD, the functionality will be adapted without the need for a complete redesign of the system. This flexible and phased approach avoids disruption and meets future legislative requirements.

The portal is designed for both mandatory and voluntary submission of notifications. Each agency participating in the project will publish detailed instructions and recommendations on how to use the platform for supervised entities.

The new module is just part of the broader SERIMA platform, which creates a unified cybersecurity risk management ecosystem. The portal is already available for use, and more agencies are expected to join and expand their coverage in the near future.