Info

🔗 Back to Summary. 🇫🇷 French Version: 2025R0301_FR.2. Back to Summary of LVL1. Open the PDF. Direct link to EUR-LEX.

Article 1 – General information to be provided in initial notifications and intermediate and final reports on major ICT-related incidents ⬅️ | ➡️ Article 3 – Specific information to be provided in intermediate reports

Références LVL1 <=> LVL2

Level 1 reference(s): 2022R2554_EN.19 > 4

Article 2 - Specific information to be provided in initial notifications

Initial notifications as referred to in Article 19(4), point (a), of Regulation (EU) 2022/2554 shall contain at least all of the following specific information:

(a)

the incident reference code assigned by the financial entity;

(b)

the date of detection, time of detection, and classification of the incident pursuant to Article 8 of Commission Delegated Regulation (EU) 2024/1772

;

(c)

a description of the ICT-related incident;

(d)

the criteria, laid down in Articles 1 to 8 of Delegated Regulation (EU) 2024/1772, on the basis of which the financial entity classified the ICT-related incident as major;

(e)

the Members States that are impacted by the ICT-related incident;

(f)

information on how the ICT-related incident was discovered;

(g)

where available, information about the origin of the ICT-related incident;

(h)

information about whether the financial entity has activated a business continuity plan;

(i)

where applicable, information about the reclassification of the ICT-related incident from major to non-major;

(j)

where available, any other relevant information.

NOMOX

Explorer

2025R0301_EN.2

Article 2 - Specific information to be provided in initial notifications

(a)

(b)

(c)

(d)

(e)

(f)

(g)

(h)

(i)

(j)

Table of Contents

Backlinks