Recital 1 Simple, harmonised and consistent criteria and thresholds


Regulation (EU) 2022/2554 aims to harmonise and streamline reporting requirements for ICT-related incidents and for operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions (‘incidents’).
Considering that the reporting requirements cover 20 different types of financial entities, the classification criteria and the materiality thresholds for determining major incidents and significant cyber threats should be specified in a simple, harmonised and consistent way that takes into account the specificities of the services and activities of all relevant financial entities.

‘ICT-related incident’ means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity;

‘operational or security payment-related incident’ means a single event or a series of linked events unplanned by the financial entities referred to in Article 2(1), points (a) to (d), whether ICT-related or not, that has an adverse impact on the availability, authenticity, integrity or confidentiality of payment-related data, or on the payment-related services provided by the financial entity;

‘credit institution’ means a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013 of the European Parliament and of the Council (32);

‘payment institution’ means a payment institution as defined in Article 4, point (4), of Directive (EU) 2015/2366;

‘account information service provider’ means an account information service provider as referred to in Article 33(1) of Directive (EU) 2015/2366;

‘electronic money institution’ means an electronic money institution as defined in Article 2, point (1), of Directive 2009/110/EC of the European Parliament and of the Council;

‘financial entities’: as defined in Article 2, points (a) to (t);

‘significant cyber threat’ means a cyber threat the technical characteristics of which indicate that it could have the potential to result in a major ICT-related incident or a major operational or security payment-related incident;

(32) Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1).
