Beta

Source: OJ L 333, 27.12.2022, p. 153–163

EN

Recital 7 Amendments to the payment service directive (PSD 2)

Directive (EU) 2015/2366 sets out specific rules on ICT security controls and mitigation elements for the purposes of obtaining an authorisation to provide payment services. Those authorisation rules should be amended to align them with Regulation (EU) 2022/2554. Furthermore, in order to reduce the administrative burden and to avoid complexity and duplicative reporting requirements, the incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; reporting rules in that Directive should cease to apply to payment service providers which are regulated under that Directive and also subject to Regulation (EU) 2022/2554, thus allowing those payment service providers to benefit from a single, fully harmonised incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; reporting mechanism with regard to all operational or security payment-related incidents means a single event or a series of linked events unplanned by the financial entities referred to in Article 2(1), points (a) to (d), whether ICT-related or not, that has an adverse impact on the availability, authenticity, integrity or confidentiality of payment-related data, or on the payment-related services provided by the financial entity;, irrespective of whether such incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; are ICT-related.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod