Article 21 Centralisation of reporting of major ICT-related incidents

The ESAs, through the Joint Committeemeans the committee referred to in Article 54 of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010;, and in consultation with the ECB and ENISA, shall prepare a joint report assessing the feasibility of further centralisation of incident reporting through the establishment of a single EU Hub for major ICT-related incidentmeans an ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity; reporting by financial entities. The joint report shall explore ways to facilitate the flow of ICT-related incidentmeans a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; reporting, reduce associated costs and underpin thematic analyses with a view to enhancing supervisory convergence.

1. prerequisites for the establishment of a single EU Hub;

2. benefits, limitations and risks, including risks associated with the high concentration of sensitive information;

3. the necessary capability to ensure interoperability with regard to other relevant reporting schemes;

4. elements of operational management;

5. conditions of membership;

6. technical arrangements for financial entities and national competent authorities to access the single EU Hub;

7. a preliminary assessment of financial costs incurred by setting-up the operational platform supporting the single EU Hub, including the requisite expertise.

The ESAs shall submit the report referred to in paragraph 1 to the European Parliament, to the Council and to the Commission by 17 January 2025.