Article 6 Content of the voluntary notification of significant cyber threats

general information about the notifying financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; as set out in Article 1;

the date and time of detection of the significant cyber threat means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage; and any other relevant timestamps related to the significant cyber threat means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage;;

a description of the significant cyber threat means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage;;

information about the potential impact of the significant cyber threat means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage; on the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;, its clients, or financial counterparts;

the classification criteria that would have triggered a major incident means an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems; report laid down in Articles 1 to 8 of Delegated Regulation (EU) 2024/1772 if the cyber threat means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; had materialised;

information about the status of the significant cyber threat means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage; and any changes in the threat activity;

where applicable, a description of the actions taken by the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; to prevent the materialisation of the significant cyber threats means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage;;

information about any notification of the significant cyber threat means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage; to other financial entitiesas defined in Article 2, points (a) to (t) or authorities;

where applicable, information on indicators of compromise;

where available, any other relevant information.