11. Providers to notify Commission of any incident of significant impact on networks or services
(1) A provider shall, where any security incident occurs that has had or is having a significant impact on the operation of the provider's electronic communications networks or services, notify the Commission in accordance with subsection (3) without undue delay.
(2) In order to determine whether the impact of a security incident is significant for the purposes of subsection (1) a provider shall have regard to the following matters in respect of the incident:
(a) the duration of the incident;
(b) the number of users affected;
(c) any class of users particularly affected;
(d) the geographical area affected;
(e) the extent to which the functioning of the network or service was affected;
(f) the impact of the incident on economic and societal activities;
(g) the cause of the incident and any particular circumstances that resulted in the security incident.
(3) A notification made under subsection (1) shall contain the following information in relation to the incident:
(a) the provider's name;