Article 35 Data, system and network security


The financial entities referred to in Article 16(1) of Regulation (EU) 2022/2554 shall, as part of their systems, protocols, and tools, develop and implement safeguards that ensure the security of networks against intrusions and data misuse and that preserve the availability, authenticity, integrity, and confidentiality of data. In particular, financial entities shall, taking into account the classification referred to in Article 30(1) of this Regulation, establish all of the following:

  1. the identification and implementation of measures to protect data in use, in transit, and at rest;

  2. the identification and implementation of security measures regarding the use of software, data storage media, systems and endpoint devices that transfer and store data of the financial entity;

  3. the identification and implementation of measures to prevent and detect unauthorised connections to the financial entity’s network, and to secure the network traffic between the financial entity’s internal networks and the internet and other external connections;

  4. the identification and implementation of measures that ensure the availability, authenticity, integrity, and confidentiality of data during network transmissions;

  5. a process to securely delete data on premises, or that are stored externally, that the financial entity no longer needs to collect or store;

  6. a process to securely dispose of, or decommission, data storage devices on premises, or data storage devices that are stored externally, that contain confidential information;

  7. the identification and implementation of measures to ensure that teleworking and the use of private endpoint devices does not adversely impact the financial entity’s ability to carry out its critical activities in an adequate, timely, and secure manner.
