Beta

Source: OJ L 333, 27.12.2022, p. 1–79

EN

Article 21 Centralisation of reporting of major ICT-related incidents

    1. The ESAsEuropean Supervisory Authority, through the Joint Committee means the committee referred to in Article 54 of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010;, and in consultation with the ECB and ENISA, shall prepare a joint report assessing the feasibility of further centralisation of incident means an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems; reporting through the establishment of a single EU Hub for major ICT-related incident means an ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity; reporting by financial entitiesas defined in Article 2, points (a) to (t). The joint report shall explore ways to facilitate the flow of ICT-related incident means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; reporting, reduce associated costs and underpin thematic analyses with a view to enhancing supervisory convergence.

    1. The joint report referred to in paragraph 1 shall comprise at least the following elements:

      1. prerequisites for the establishment of a single EU Hub;

      2. benefits, limitations and risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident;, including risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; associated with the high concentration of sensitive information;

      3. the necessary capability to ensure interoperability with regard to other relevant reporting schemes;

      4. elements of operational management;

      5. conditions of membership;

      6. technical arrangements for financial entitiesas defined in Article 2, points (a) to (t) and national competent authoritiesas defined in Article 46 to access the single EU Hub;

      7. a preliminary assessment of financial costs incurred by setting-up the operational platform supporting the single EU Hub, including the requisite expertise.

    1. The ESAsEuropean Supervisory Authority shall submit the report referred to in paragraph 1 to the European Parliament, to the Council and to the Commission by 17 January 2025.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod