Beta

Source: OJ L, 2025/301, 20.2.2025

EN

Article 1 General information to be provided in initial notifications and intermediate and final reports on major ICT-related incidents

Financial entitiesas defined in Article 2, points (a) to (t) shall include in the initial notification, the intermediate report, and the final report, as referred to in Article 19(4) of Regulation (EU) 2022/2554, the following general information:

  1. the type of submission (initial notification, intermediate report, or final report);

  2. the name of the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;, its LEI code, and the type of financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;, as referred to in Article 2(1) of Regulation (EU) 2022/2554;

  3. the name and identification code of the entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; that submits the initial notification, or intermediate or final report, for the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;;

  4. where applicable, the names and LEI codes of all financial entitiesas defined in Article 2, points (a) to (t) covered in the aggregated initial notification or intermediate or final report;

  5. the contact details of the persons responsible for communicating with the competent authorityas defined in Article 46 on the major ICT-related incident means an ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity;;

  6. where applicable, the identification of the parent undertaking means a parent undertaking within the meaning of Article 2, point (9), and Article 22 of Directive 2013/34/EU; of the group means a group as defined in Article 2, point (11), of Directive 2013/34/EU; to which the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; belongs;

  7. where there is monetary impact, the currency the amounts are based on.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod