Beta

Source: OJ L, 2024/1772, 25.6.2024

EN

Recital 8 Weighting of criteria

Given that the classification criteria are interdependent and linked to each other, the approach for identifying major incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; which are to be reported in accordance with Article 19(1) of Regulation (EU) 2022/2554 should be based on a combination of criteria, where some criteria that are closely related to the definitions of an ICT-related incident means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; and a major ICT-related incident means an ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity; set out in Article 3(8) and (10) of Regulation (EU) 2022/2554 should have more prominence in the classification of major incidents means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; than other criteria.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod