Beta

Source: OJ L, 2024/1772, 25.6.2024

EN

Article 8 Major incidents

    1. An incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; shall be considered a major incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; for the purposes of Article 19(1) of Regulation (EU) 2022/2554 where it has affected critical services as referred to in Article 6 and where either of the following conditions is fulfilled:

      1. the materiality threshold referred to in Article 9(5), point (b), is met;

      2. two or more of the other materiality thresholds referred to in Articles 9(1) to (6) are met.

    1. Recurring incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; that individually are not considered a major incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; in accordance with paragraph 1 shall be considered as one major incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; where they meet all of the following conditions:

      1. they have occurred at least twice within 6 months;

      2. they have the same apparent root cause as referred to in [Article 20, first subparagraph, point (b) of Regulation (EU) 2022/2554](the cross-reference is probably wrong);

      3. they collectively fulfil the criteria for being considered a major incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; set out in paragraph 1.

    2. Financial entitiesas defined in Article 2, points (a) to (t) shall assess the existence of recurring incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; on a monthly basis.

    3. This paragraph does not apply to microenterprises, ‘small enterprises’ and ‘medium-sized enterprises’ mean, respectively, microenterprises, small enterprises and medium-sized enterprises as defined in the Annex to Recommendation 2003/361/EC; and to financial entitiesas defined in Article 2, points (a) to (t) listed in Article 16(1) of Regulation (EU) 2022/2554.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod