Annex IV Data glossary and instructions for notification of significant cyber threats


Each entry below gives the four columns of the Annex IV table: Data field, Description, Mandatory field, Field type.

Data field: Name of the entity submitting the notification
Description: Full legal name of the entity submitting the notification.
Mandatory field: Yes
Field type: Alphanumeric

Data field: Identification code of the entity submitting the notification
Description: Identification code of the entity submitting the notification. Where financial entities submit the notification/report, the identification code shall be a Legal Entity Identifier (LEI), which is a unique 20 alphanumeric character code, based on ISO 17442-1:2020. Where a third-party provider submits a report for a financial entity, it may use an identification code as specified in the implementing technical standards adopted pursuant to Article 28(9) of Regulation (EU) 2022/2554.
Mandatory field: Yes
Field type: Alphanumeric

Data field: Type of financial entity submitting the report
Description: Type of the entity referred to in Article 2(1), points (a) to (t) of Regulation (EU) 2022/2554 submitting the report.
Mandatory field: Yes, if the report is not provided by the affected financial entity directly.
Field type: Choice (multiselect):
  • credit institution;
  • payment institution;
  • exempted payment institution;
  • account information service provider;
  • electronic money institution;
  • exempted electronic money institution;
  • investment firm;
  • crypto-asset service provider;
  • issuer of asset-referenced tokens;
  • central securities depository;
  • central counterparty;
  • trading venue;
  • trade repository;
  • manager of alternative investment fund;
  • management company;
  • data reporting service provider;
  • insurance and reinsurance undertaking;
  • insurance intermediary, reinsurance intermediary and ancillary insurance intermediary;
  • institution for occupational retirement provision;
  • credit rating agency;
  • administrator of critical benchmarks;
  • crowdfunding service provider;
  • securitisation repository.

Data field: Name of the financial entity
Description: Full legal name of the financial entity notifying the significant cyber threat.
Mandatory field: Yes, if the financial entity is different from the entity submitting the notification
Field type: Alphanumeric

Data field: LEI code of the financial entity
Description: Legal Entity Identifier (LEI) of the financial entity notifying the significant cyber threat, assigned in accordance with the International Organisation for Standardisation.
Mandatory field: Yes, if the financial entity notifying the significant cyber threat is different from the entity submitting the report
Field type: Unique alphanumeric 20 character code, based on ISO 17442-1:2020

Data field: Primary contact person name
Description: Name and surname of the primary contact person of the financial entity.
Mandatory field: Yes
Field type: Alphanumeric

Data field: Primary contact person email
Description: Email address of the primary contact person that can be used by the competent authority for follow-up communication.
Mandatory field: Yes
Field type: Alphanumeric

Data field: Primary contact person telephone
Description: The telephone number of the primary contact person that can be used by the competent authority for follow-up communication. The telephone number shall be reported with all international prefixes (e.g. +33XXXXXXXXX).
Mandatory field: Yes
Field type: Alphanumeric

Data field: Second contact person name
Description: Name and surname of the second contact person of the financial entity or an entity submitting the notification on behalf of the financial entity, where available.
Mandatory field: Yes, if name and surname of the second contact person of the financial entity or an entity submitting the notification for the financial entity is available
Field type: Alphanumeric

Data field: Second contact person email
Description: Email address of the second contact person or a functional email address of the team that can be used by the competent authority for follow-up communication, where available.
Mandatory field: Yes, if email address of the second contact person or a functional email address of the team that can be used by the competent authority for follow-up communication is available
Field type: Alphanumeric

Data field: Second contact person telephone
Description: The telephone number of the second contact person that can be used by the competent authority for follow-up communication, where available. The telephone number shall be reported with all international prefixes (e.g. +33XXXXXXXXX).
Mandatory field: Yes, if the telephone number of the second contact person that can be used by the competent authority for follow-up communication is available
Field type: Alphanumeric

Data field: Date and time of detection of the cyber threat
Description: Date and time at which the financial entity has become aware of the significant cyber threat.
Mandatory field: Yes
Field type: ISO 8601 standard UTC (YYYY-MM-DDThh:mm:ss)

Data field: Description of the significant cyber threat
Description: Description of the most relevant aspects of the significant cyber threat. Financial entities shall provide:
  • a high-level overview of the most relevant aspects of the significant cyber threat;
  • the related risks arising from it, including potential vulnerabilities of the systems of the financial entity that can be exploited;
  • information about the probability of materialisation of the significant cyber threat; and
  • information about the source of information about the cyber threat.
Mandatory field: Yes
Field type: Alphanumeric

Data field: Information about potential impact
Description: Information about the potential impact of the cyber threat on the financial entity, its clients or financial counterparts if the cyber threat has materialised.
Mandatory field: Yes
Field type: Alphanumeric

Data field: Potential incident classification criteria
Description: The classification criteria that could have triggered a major incident report if the cyber threat had materialised.
Mandatory field: Yes
Field type: Choice (multiple):
  • clients, financial counterparts and transactions affected;
  • reputational impact;
  • duration and service downtime;
  • geographical spread;
  • data losses;
  • critical services affected;
  • economic impact.

Data field: Status of the cyber threat
Description: Information about the status of the cyber threat for the financial entity and whether there have been any changes in the threat activity. Where the cyber threat has stopped communicating with the financial entity's information systems, the status can be marked as inactive. If the financial entity has information that the threat remains active against other parties or the financial system as a whole, the status shall be marked as active.
Mandatory field: Yes
Field type: Choice:
  • active;
  • inactive.

Data field: Actions taken to prevent materialisation
Description: High-level information about the actions taken by the financial entity to prevent the materialisation of the significant cyber threat, if applicable.
Mandatory field: Yes
Field type: Alphanumeric

Data field: Notification to other stakeholders
Description: Information about notification of the cyber threat to other financial entities or authorities.
Mandatory field: Yes, if other financial entities or authorities have been informed about the cyber threat
Field type: Alphanumeric

Data field: Indicators of compromise
Description: Information related to the significant threat that may help identify malicious activity within a network or information system (Indicators of Compromise, or IoC), where applicable. The IoC provided by the financial entity may include, but is not to be limited to, the following categories of data:
  • IP addresses;
  • URL addresses;
  • domains;
  • file hashes;
  • malware data (malware name, file names and their locations, specific registry keys associated with malware activity);
  • network activity data (ports, protocols, addresses, referrers, user agents, headers, specific logs or distinctive patterns in network traffic);
  • email message data (sender, recipient, subject, header, content);
  • DNS requests and registry configurations;
  • user account activities (logins, privileged user account activity, privilege escalation);
  • database traffic (read/write), requests to the same file.
This type of information may include data relating to indicators describing patterns in network traffic corresponding to known attacks/botnet communications, IP addresses of machines infected with malware (bots), data relating to 'command and control' servers used by malware (usually domains or IP addresses), and URLs relating to phishing sites or websites observed hosting malware or exploit kits.
Mandatory field: Yes, if information about indicators of compromise connected with the cyber threat is available
Field type: Alphanumeric

Data field: Other relevant information
Description: Any other relevant information about the significant cyber threat.
Mandatory field: Yes, if applicable and if there is other information available, not covered in the template
Field type: Alphanumeric
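The table above fixes a handful of machine-checkable constraints (the LEI as a 20-character ISO 17442 code, the ISO 8601 UTC timestamp, telephone numbers with an international prefix, the fixed choice lists, and fields that become mandatory only when the financial entity is not the submitter). The following validator is an added example, not part of the regulation or of any reporting platform: the field keys, the telephone and email patterns, and the ISO 7064 MOD 97-10 check-digit rule applied to the LEI are this example's own assumptions, chosen so that a record can be checked before it is filed.

```python
"""Field-format and conditional-mandatory checks for an Annex IV cyber threat
notification. Added example, not regulation text or any platform's code. The Annex
fixes the formats (LEI per ISO 17442-1:2020, ISO 8601 UTC, international telephone
prefix, choice lists); the ISO 7064 MOD 97-10 check-digit rule, the telephone and
email patterns and the field keys are this example's assumptions.
"""
import re
from datetime import datetime

# Choice lists copied from the Annex.
CLASSIFICATION_CRITERIA = {
    "clients, financial counterparts and transactions affected", "reputational impact",
    "duration and service downtime", "geographical spread", "data losses",
    "critical services affected", "economic impact",
}
STATUS_VALUES = {"active", "inactive"}
# Fields the Annex marks as unconditionally mandatory (keys are this example's naming).
ALWAYS_REQUIRED = (
    "submitting_entity_name", "submitting_entity_id", "primary_contact_name",
    "primary_contact_email", "primary_contact_phone", "detection_time_utc",
    "threat_description", "potential_impact", "classification_criteria",
    "status", "actions_taken",
)
TIMESTAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}")  # YYYY-MM-DDThh:mm:ss
PHONE_RE = re.compile(r"\+[1-9]\d{6,14}")  # assumption: '+' then 7-15 digits (E.164 shape)
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")  # assumption: coarse shape check only


def lei_check_digits(prefix18: str) -> str:
    """Two ISO 7064 MOD 97-10 check digits for an 18-character LEI prefix."""
    if not re.fullmatch(r"[0-9A-Z]{18}", prefix18):
        raise ValueError("LEI prefix must be 18 digits or uppercase letters")
    # Letters map to 10..35 (A=10 ... Z=35); '00' stands in for the check digits.
    as_digits = "".join(str(int(ch, 36)) for ch in prefix18 + "00")
    return f"{98 - int(as_digits) % 97:02d}"


def lei_is_valid(lei: str) -> bool:
    """ISO 17442 LEI: 20 characters, digits/uppercase letters, and the value read
    as a number (A=10 ... Z=35) leaves remainder 1 modulo 97."""
    if not re.fullmatch(r"[0-9A-Z]{18}[0-9]{2}", lei):
        return False
    return int("".join(str(int(ch, 36)) for ch in lei)) % 97 == 1


def validate_notification(n: dict, submitted_by_financial_entity: bool = True) -> list:
    """Return the list of problems found; an empty list means the record passes."""
    errors = [f"{f}: mandatory field is missing" for f in ALWAYS_REQUIRED if not n.get(f)]
    # The identification code must be an LEI when a financial entity submits itself; a
    # third-party provider may use another code, so only the LEI case is checked here.
    sid = n.get("submitting_entity_id")
    if submitted_by_financial_entity and sid and not lei_is_valid(sid):
        errors.append("submitting_entity_id: not a valid LEI (format or check digits)")
    # Name and LEI of the financial entity are mandatory only when it differs from
    # the entity submitting the notification.
    fe_name = n.get("financial_entity_name")
    if fe_name and fe_name != n.get("submitting_entity_name"):
        lei = n.get("financial_entity_lei")
        if not lei:
            errors.append("financial_entity_lei: mandatory when the financial entity differs from the submitter")
        elif not lei_is_valid(lei):
            errors.append("financial_entity_lei: not a valid LEI (format or check digits)")
    ts = n.get("detection_time_utc")
    if ts:
        try:
            if not TIMESTAMP_RE.fullmatch(ts):
                raise ValueError
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")  # also rejects e.g. 30 February
        except ValueError:
            errors.append("detection_time_utc: expected ISO 8601 UTC YYYY-MM-DDThh:mm:ss")
    # Primary contact is mandatory; second contact only where available, same format.
    for who in ("primary_contact", "second_contact"):
        phone, email = n.get(f"{who}_phone"), n.get(f"{who}_email")
        if phone and not PHONE_RE.fullmatch(phone):
            errors.append(f"{who}_phone: must carry the international prefix, e.g. +33XXXXXXXXX")
        if email and not EMAIL_RE.fullmatch(email):
            errors.append(f"{who}_email: not an email address")
    if n.get("status") and n["status"] not in STATUS_VALUES:
        errors.append("status: must be 'active' or 'inactive'")
    unknown = set(n.get("classification_criteria") or ()) - CLASSIFICATION_CRITERIA
    if unknown:
        errors.append(f"classification_criteria: unknown values {sorted(unknown)}")
    return errors


# Constructed sample record (fictitious entity, contact and values); the LEI is
# generated from a made-up prefix so that its check digits are correct.
SAMPLE_PREFIX = "5299000EXAMPLE0001"
SAMPLE = {
    "submitting_entity_name": "Example Bank SE",
    "submitting_entity_id": SAMPLE_PREFIX + lei_check_digits(SAMPLE_PREFIX),
    "primary_contact_name": "A. Contact", "primary_contact_email": "ciso@example.test",
    "primary_contact_phone": "+33123456789", "detection_time_utc": "2024-03-05T14:22:10",
    "threat_description": "Phishing campaign targeting client portal logins, observed by the SOC.",
    "potential_impact": "Credential theft leading to fraudulent payment orders.",
    "classification_criteria": ["clients, financial counterparts and transactions affected"],
    "status": "active", "actions_taken": "Sender domains blocked; clients warned.",
}
```

`validate_notification(SAMPLE)` returns an empty list; adding a `financial_entity_name` that differs from the submitter without a `financial_entity_lei` makes the LEI of the financial entity mandatory, exactly as the "Yes, if ..." column states. The LEI check catches transcription errors (a single changed character always breaks the MOD 97-10 remainder), but it does not establish that the code is registered or belongs to the named entity; that still needs a lookup against the LEI register.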
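The "Indicators of compromise" row names the categories of data a notification may carry (IP addresses, URL addresses, domains, file hashes, and so on) but leaves their formatting open. The following helper is an added example, not part of the regulation or of any reporting platform: it sorts raw indicator strings into those categories, normalises them, and defangs them before sharing so that nothing in the notification is accidentally clickable or resolvable. The accepted hash lengths (MD5/SHA-1/SHA-256), the domain pattern, the `hxxp://` and `[.]` defanging convention, and the sample indicators (documentation-reserved addresses and names) are this example's own assumptions.

```python
"""Sort indicator-of-compromise values into the categories the Annex lists
(IP addresses, URLs, domains, file hashes) and defang them before sharing.
Added example, not regulation text; the hash lengths accepted (MD5/SHA-1/SHA-256),
the domain pattern and the hxxp/[.] defanging convention are assumptions.
"""
import ipaddress
import re
from urllib.parse import urlsplit

HASH_NAMES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-f]+")
DOMAIN_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def classify_ioc(value: str):
    """Return (Annex category, normalised value), or None if it fits no category."""
    v = value.strip()
    low = v.lower()
    if HEX_RE.fullmatch(low) and len(low) in HASH_NAMES:   # hashes: case-insensitive hex
        return f"file hash ({HASH_NAMES[len(low)]})", low
    try:                                                   # IPv4 or IPv6 literal
        return "IP address", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    parts = urlsplit(v)
    if parts.scheme in ("http", "https") and parts.netloc:  # full URL
        return "URL address", v
    if DOMAIN_RE.fullmatch(low):                           # bare hostname
        return "domain", low
    return None


def defang(value: str) -> str:
    """Make an indicator non-clickable/non-resolvable: http -> hxxp and '.' -> '[.]'
    in the host part. Hashes contain no dots and pass through unchanged."""
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.netloc:
        head = len(parts.scheme) + 3 + len(parts.netloc)   # length of "scheme://netloc"
        return (parts.scheme.replace("tt", "xx") + "://"
                + parts.netloc.replace(".", "[.]") + value[head:])
    return value.replace(".", "[.]")


def build_ioc_section(values) -> dict:
    """Group raw indicators by Annex category (defanged) and keep the rejects visible,
    so that nothing silently drops out of the notification."""
    section = {"unclassified": []}
    for raw in values:
        hit = classify_ioc(raw)
        if hit is None:
            section["unclassified"].append(raw)
            continue
        category, norm = hit
        section.setdefault(category, []).append(defang(norm))
    return section


# Constructed sample indicators: documentation-reserved address space and names only.
SAMPLE_IOCS = ["192.0.2.10", "http://example.com/login", "EXAMPLE.com",
               "2001:db8::1", "a" * 64, "not an indicator!"]
```

`build_ioc_section(SAMPLE_IOCS)` yields one list per recognised category plus an `unclassified` list for anything that matched no pattern; reviewing that last list by hand before filing is the point, since a mistyped hash or a host name with a stray character is exactly what would otherwise be lost. The remaining Annex categories (malware data, network activity data, email message data, account activity) are free text and are left as such.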
