INCIDENTRON

Acronym: INCIDENTRON
Title: Mastering Incident Response through an Open-Source Framework, Architecture, and Platform

What is the INCIDENTRON project about and what challenge does it aim to address?
INCIDENTRON is a project focused on automating, simplifying, and improving incident reporting workflows between MSSPs, end users and reporting authorities. It addresses long‑standing challenges amplified by evolving European cybersecurity, privacy, and data protection legislation, including:

• Siloed compliance efforts, which create a fragmented landscape with overlapping reporting requirements, duplicated work, and missed opportunities synergy and scalability concerns.
• An exponential increase of reportable incidents, driven by expanded regulatory scope and mandatory reporting obligations, which risks overwhelming both organizations and national authorities and leading to slower, less coordinated responses.
• The complexity of multi entity and cross border collaboration, which generate coordination challenges, information overload, and operational silos.
• Misaligned processes and incompatible tools, resulting into a fragmented framework, inefficiencies, higher compliance costs and barriers to automation.
   

What are the key outcomes or innovations INCIDENTRON hopes to achieve?
INCIDENTRON aims to deliver several key outcomes and innovations that will strengthen cybersecurity resilience across the EU. First, it will reduce the overall cost of cybersecurity by automating incident reporting workflows, creating a unified multi regulatory framework, and providing an open, reusable architecture that minimizes duplication and future development costs. It will also enable better compliance with NIS2 and related legislation by introducing a single incident workflow that supports multiple regulatory obligations, improving reporting quality, situational awareness, and collaborative crisis response.
The project will foster deep stakeholder engagement through events, workshops, consultations, and pilot activities, ensuring that the framework is co designed with MSSPs, end users, authorities, and sectoral communities. These activities will generate white papers, best practices, and shared insights that strengthen cross border collaboration. INCIDENTRON will further enhance cooperation and preparedness across the EU by enabling seamless interaction between MSSPs, authorities, CSIRTs, and other actors, supported by joint training, cyber range simulations, and shared threat intelligence.

Finally, the project will contribute to effective implementation of the Cyber Resilience Act (CRA) by developing a scalable methodology for responsible vulnerability disclosure and supporting future mandatory reporting processes. This work will help equip market surveillance authorities, notifying authorities, and national accreditation bodies with the tools and capabilities needed to supervise and enforce CRA requirements.
 

Which expertise will VUB bring to the table in this consortium?
VUB will bring expertise in secure autonomous learning, Machine Learning (ML) and GenAI system requirements, providing the general methodological framework to scope and position the role of AI within the platform, assess “AI risk appetite” in relation to the AI Act, define multi tier evaluation metrics, map potential risks and governance measures, and determine the knowledge & data to be curated, labelled or pre processed as well as functional and non functional requirements.
VUB will also contribute expertise in autonomous learning agent development, parsing and analysing incident data using traditional AI/ML techniques for structured data and Large Language Models (LLMs) to handle unstructured text to support automatic incident report creation and adaptation to organisational context.

Finally, VUB will support GenAI and ML developments and platform integration, identifying opportunities for integrating LLMs and agentic architectures to improve productivity.
 

What broader societal impact will this project have?
INCIDENTRON will have a broad and lasting societal impact:

• Strengthen competitiveness of European cybersecurity solutions and services SMEs
• Strengthen competitiveness of European critical infrastructure and essential services
• Strengthen European member states’ capacity and European society cyber resilience
• Strengthen benefits to Europe as a whole
• Strengthen benefits to European skills growth and growth of SMEs
• Strengthen benefits of European cybersecurity community building
• Enhance trust in digital transformation
• Drive sustainable cybersecurity practices