Source: OJ L, 2024/1772, 25.6.2024

Current language: EN

Article 4 Geographical spread


Summary What does Article 4 of the RTS on incident classification say?

This article specifies how financial entities should assess the geographical spread of an incident, one of the classification criteria established in Article 18(1) of DORA.

The core obligation is to evaluate whether an incident has had an impact beyond the financial entity's home jurisdiction, extending into other EU Member States.

The assessment covers the reach of the incident across clients, group structures, and shared infrastructure.

Important points:

  • Assess whether your incident has had an impact in other Member States, not just domestically.
  • The assessment covers clients and financial counterparts, group entities and branches, and financial market infrastructures or third-party providers operating across borders.
  • For third-party providers and financial market infrastructures, the assessment applies only to the extent that the relevant information is available to you.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

For the purpose of determining the geographical spread with regard to the areas affected by the incident as referred to in Article 18(1), point (c), of Regulation (EU) 2022/2554, financial entities shall assess whether the incident has or had an impact in other Member States, and in particular the significance of the impact in relation to any of the following:

  1. clients and financial counterparts in other Member States;

  2. branches or other financial entities within the group carrying out activities in other Member States;

  3. financial market infrastructures or third-party providers, which may affect financial entities in other Member States to which they provide services, to the extent such information is available.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod