Source: OJ L, 2025/301, 20.2.2025
EN- Digital operational resilience in the financial sector
ICT-related incidents
- RTS on incident reporting
Article 4 Article Specific information to be provided in final reports
Final reports as referred to in Article 19(4), point (c), of Regulation (EU) 2022/2554 shall contain all of the following specific information:
information about the root causes of the ICT-related incident means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity;;
dates and times when the ICT-related incident means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; was resolved and the root cause(s) addressed;
information on the resolution of the ICT-related incident means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity;;
where applicable, information relevant for resolution authorities;
information about direct and indirect costs and losses stemming from the ICT-related incident means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; and information about financial recoveries;
where applicable, information about recurring ICT-related incidents means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity;.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.