Source: OJ L, 2025/302, 20.2.2025
EN- Digital operational resilience in the financial sector
ICT-related incidents
- ITS on templates for incident reporting
Article 8 Notification of significant cyber threats
Financial entitiesas defined in Article 2, points (a) to (t) that notify significant cyber threats means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage; to competent authoritiesas defined in Article 46 in accordance with Article 19(2) of Regulation (EU) 2022/2554 shall use the template laid down in Annex III to this Regulation and follow the data glossary and instructions set out Annex IV to this Regulation.
Financial entitiesas defined in Article 2, points (a) to (t) shall ensure that the information contained in the notification of significant cyber threats means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage; is complete and accurate.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.