Source: OJ L, 2024/1772, 25.6.2024

Article 3 Duration and service downtime


Summary: What does Article 3 of the RTS on incident classification say?

This article provides the technical rules for how financial entities must measure two distinct but related time-based criteria relevant to incident classification under Article 18(1)(b) of DORA: the overall duration of an incident and the service downtime it causes.

It establishes clear start and end points for each measurement, while also providing practical fallback rules for situations where exact timings cannot be determined, such as permitting the use of estimates or log data.

Important points:

  • Measure incident duration from the moment the incident occurs to the moment it is resolved, falling back to detection time or log records where the start cannot be determined.
  • Measure service downtime from the moment the service becomes fully or partially unavailable to the moment it is restored to its prior level, including any delayed service delivery following restoration.
  • Where exact timings cannot be verified, apply estimates to ensure measurement obligations are still fulfilled.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. Financial entities shall measure the duration of an incident as referred to in Article 18(1), point (b), of Regulation (EU) 2022/2554, from the moment the incident occurs until the moment when it is resolved.

    2. Where financial entities are unable to determine the moment when the incident occurred, they shall measure the duration of the incident from the moment it was detected. Where financial entities become aware that the incident occurred prior to its detection, they shall measure the duration from the moment the incident is recorded in network or system logs or other data sources.

    3. Where financial entities do not yet know when the incident will be resolved or are unable to verify records in logs or other data sources, they shall apply estimates.

    1. Financial entities shall measure the service downtime of an incident as referred to in Article 18(1), point (b), of Regulation (EU) 2022/2554, from the moment the service is fully or partially unavailable to clients, financial counterparts or other internal or external users to the moment when regular activities or operations have been restored to the level of service that was provided prior to the incident. Where the service downtime causes a delay in the provision of service after regular activities or operations have been restored, the downtime shall be measured from the start of the incident to the moment when that delayed service is fully provided.

    2. Where financial entities are unable to determine the moment when the service downtime started, they shall measure the service downtime from the moment it was detected.
