Beta

Source: OJ L, 2024/2690, 18.10.2024

EN

Recital 30 Criteria for significant incidents

This Regulation is to further specify the cases in which an incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; should be considered to be significant for the purpose of Article 23(3) of Directive (EU) 2022/2555. The criteria should be such that relevant entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; are able to assess whether an incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; is significant, in order to notify the incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; in accordance with Directive (EU) 2022/2555. Furthermore, the criteria set out in this Regulation should be considered exhaustive, without prejudice to Article 5 of Directive (EU) 2022/2555. This regulation specifies the cases in which an incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; should be considered to be significant by setting out horizontal as well as entity-type specific cases.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod