Source: OJ L, 2025/302, 20.2.2025
EN- Digital operational resilience in the financial sector
ICT-related incidents
- ITS on templates for incident reporting
Article 6 Notification of outsourcing of the reporting obligations
Financial entitiesas defined in Article 2, points (a) to (t) that have outsourced the obligation to report major ICT-related incidents means an ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity; in accordance with Article 19(5) of Regulation (EU) 2022/2554 shall inform their competent authorityas defined in Article 46 of that outsourcing arrangement as soon as the outsourcing arrangement has been concluded and at the latest prior to the first notification or reporting.
Financial entitiesas defined in Article 2, points (a) to (t) shall provide the competent authorityas defined in Article 46 with the name, contact details, and identification code of the third-party that will submit the major ICT-related incident means an ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity; notifications or reports for them.
Financial entitiesas defined in Article 2, points (a) to (t) shall inform their competent authorityas defined in Article 46 as soon as they no longer outsource their reporting obligations as referred to in Article 19(5) of Regulation (EU) 2022/2554.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.