According to art.37 of l.4070/2012:
«4. The undertakings providing access to public communications networks or electronic communications services available to the public, notify EETT of any breach of security or loss of integrity that had a significant impact on the networks or services, which in its turn notifies any breach of security or loss of integrity to ADAE, pursuant to paragraph 8.
5. Where appropriate, ADAE informs the competent national authorities in other member states, as well as the European Network and Information Security Agency (ENISA). EETT can inform the public or require this provision of information from the undertakings, if it estimates that disclosure of the breach is in the public interest.»
In order to implement the abovementioned related to its competencies, EETT has issued a regulation «Incident Reporting related to the uninterrupted electronic network and services operation» (ΑP ΕΕΤΤ 675/7/11-12-2013, FEK 107/2013), which defines the reporting criteria as well as the incident report data.
The regulation is available only in greek.