Materiality thresholds and reporting timelines


While all financial entitiesas defined in Article 2, points (a) to (t) should be required to carry out incident reporting, that requirement is not expected to affect all of them in the same manner. Indeed, relevant materiality thresholds, as well as reporting timelines, should be duly adjusted, in the context of delegated acts based on the regulatory technical standards to be developed by the ESAsEuropean Supervisory Authority, with a view to covering only major ICT-related incidentsmeans an ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity;. In addition, the specificities of financial entitiesas defined in Article 2, points (a) to (t) should be taken into account when setting timelines for reporting obligations.