Source: OJ L, 2025/302, 20.2.2025
- Digital operational resilience in the financial sector
ICT-related incidents
- ITS on templates for incident reporting
Article 6 Notification of outsourcing of the reporting obligations
Financial entities that have outsourced the obligation to report major ICT-related incidentsmeans an ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity; in accordance with Article 19(5) of Regulation (EU) 2022/2554 shall inform their competent authority of that outsourcing arrangement as soon as the outsourcing arrangement has been concluded and at the latest prior to the first notification or reporting.
Financial entities shall provide the competent authority with the name, contact details, and identification code of the third-party that will submit the major ICT-related incidentmeans an ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity; notifications or reports for them.
Financial entities shall inform their competent authority as soon as they no longer outsource their reporting obligations as referred to in Article 19(5) of Regulation (EU) 2022/2554.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.