Info

🔗 Back to Summary. 🇫🇷 French Version: 2025R0301_FR.3. Back to Summary of LVL1. Open the PDF. Direct link to EUR-LEX.

Article 2 – Specific information to be provided in initial notifications ⬅️ | ➡️ Article 4 – Article Specific information to be provided in final reports

Références LVL1 <=> LVL2

Level 1 reference(s): 2022R2554_EN.19 > 4#b

Article 3 - Specific information to be provided in intermediate reports

Intermediate reports as referred to in Article 19(4), point (b), of Regulation (EU) 2022/2554 shall contain at least all of the following specific information:

(a)

where applicable, the incident reference code provided by the competent authority;

(b)

the date and time of occurrence of the ICT-related incident;

(c)

where applicable, the date and time when the financial entity has recovered its regular activities;

(d)

information about how the criteria laid down in Articles 1 to 8 of Delegated Regulation (EU) 2024/1772 have been fulfilled, on the basis of which the financial entity classified the ITC-related incident as major;

(e)

the type of ICT-related incident;

(f)

where applicable, the threats and techniques used by the threat actor;

(g)

affected functional areas and business processes;

(h)

affected infrastructure components supporting business processes;

(i)

impact on the financial interest of clients;

(j)

information about reporting about the ICT-related incident to other authorities;

(k)

temporary actions or measures taken or planned to be taken by the financial entity to recover from the ICT-related incident;

(l)

where applicable, information on indicators of compromise.

NOMOX

Explorer

2025R0301_EN.3

Article 3 - Specific information to be provided in intermediate reports

(a)

(b)

(c)

(d)

(e)

(f)

(g)

(h)

(i)

(j)

(k)

(l)

Table of Contents

Backlinks