Beta

Source: OJ L, 2025/302, 20.2.2025

EN

Article 1 Template for reporting ICT-related major incidents

    1. Financial entitiesas defined in Article 2, points (a) to (t) shall use the template laid down in Annex I to submit the initial notification, the intermediate report, and the final report referred to in Article 19(4) of Regulation (EU) 2022/2554 as follows:

      1. financial entitiesas defined in Article 2, points (a) to (t) that submit an initial notification shall complete the data fields of the template which correspond to the information to be provided in accordance with Article 2 of Commission Delegated Regulation (EU) 2025/301 (7)Commission Delegated Regulation (EU) 2025/301 of 23 October 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT-related incidents, and the content of the voluntary notification for significant cyber threats. (OJ L, 2025/301, 20.2.2025, ELI: http://data.europa.eu/eli/reg_del/2025/301/oj)., and may, where they already have that information, complete those data fields the completion of which is not required for an initial notification but is required for an intermediate or final report;

      2. financial entitiesas defined in Article 2, points (a) to (t) that submit an intermediate report shall complete the data fields of the template which correspond to the information to be provided in accordance with Article 3 of Delegated Regulation (EU) 2025/301 and may, where they already have the relevant information, complete data fields the completion of which is not required for the intermediate report, but is required for the final report.

      3. financial entitiesas defined in Article 2, points (a) to (t) that submit a final report shall complete the data fields of the template which correspond to the information to be provided in accordance with Article 4 of Delegated Regulation (EU) 2025/301.

    1. Financial entitiesas defined in Article 2, points (a) to (t) shall ensure that the information contained in the initial notification, and in the intermediate and final report, is complete and accurate.

    1. Financial entitiesas defined in Article 2, points (a) to (t) shall provide estimated values based on other available data and information, to the extent possible, where accurate data are not available at the time of reporting for the initial notification or the intermediate report.

    1. When submitting an intermediate or final report, financial entitiesas defined in Article 2, points (a) to (t) shall use the template laid down in Annex I to submit all required information and update, where applicable, the information that was previously provided in the initial notification or in the intermediate report.

    1. Financial entitiesas defined in Article 2, points (a) to (t) shall follow the data glossary and instructions set out in Annex II when completing the template laid down in Annex I.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod