Source: OJ L, 2025/302, 20.2.2025
EN- Digital operational resilience in the financial sector
ICT-related incidents
- ITS on templates for incident reporting
Annex III Templates for notification of significant cyber threats
Number of field | Data field | |
|---|---|---|
1 | Name of the entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; submitting the notification | |
2 | Identification code of the entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; submitting the notification | |
3 | Type of the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; submitting the notification | |
4 | Name of the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; | |
5 | LEI code of the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; | |
6 | Primary contact person name | |
7 | Primary contact person email | |
8 | Primary contact person telephone | |
9 | Second contact person name | |
10 | Second contact person email | |
11 | Second contact person telephone | |
12 | Date and time of detection of the cyber threat means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; | |
13 | Description of the significant cyber threat means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage; | |
14 | Information about potential impact | |
15 | Potential incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; classification criteria | |
16 | Status of the cyber threat means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; | |
17 | Actions taken to prevent materialisation | |
18 | Notification to other stakeholders | |
19 | Indicators of compromise | |
20 | Other relevant information |
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.