Article 3 Significant incidents


    1. An incident shall be considered to be significant for the purposes of Article 23(3) of Directive (EU) 2022/2555 with regard to the relevant entities where one or more of the following criteria are fulfilled:

      1. the incident has caused or is capable of causing direct financial loss for the relevant entity that exceeds EUR 500000 or 5 % of the relevant entity’s total annual turnover in the preceding financial year, whichever is lower;

      2. the incident has caused or is capable of causing the exfiltration of trade secrets as set out in Article 2, point (1), of Directive (EU) 2016/943 of the relevant entity;

      3. the incident has caused or is capable of causing the death of a natural person;

      4. the incident has caused or is capable of causing considerable damage to a natural person’s health;

      5. a successful, suspectedly malicious and unauthorised access to network and information systems occurred, which is capable of causing severe operational disruption;

      6. the incident meets the criteria set out in Article 4;

      7. the incident meets one or more of the criteria set out in Articles 5 to 14.

    2. Scheduled interruptions of service and planned consequences of scheduled maintenance operations carried out by or on behalf of the relevant entities shall not be considered to be significant incidents.

    3. When calculating the number of users impacted by an incident for the purpose of Articles 7 and 9 to 14, the relevant entities shall consider all of the following:

      1. the number of customers that have a contract with the relevant entity which grants them access to the relevant entity’s network and information systems or services offered by, or accessible via, those network and information systems;

      2. the number of natural and legal persons associated with business customers that use the entities’ network and information systems or services offered by, or accessible via, those network and information systems.
