This artefact provides a consolidated set of advice, guidance and best practice to support cyber incident reporting requirements and processes within the UK. The framework outlines mandatory and best practice reporting across regulators and government agencies. It includes a decision tree, incident severity classifications, and guidance on thresholds, reporting channels and coordination with various organisations. The framework is designed to support incident response teams and compliance functions and should be integrated into firms’ internal response plans.