ICT incident classification

Preamble (Recitals 1 – 18)

Recitals

Chapter I (Articles 1 – 7)

Classification criteria

Article 1

Clients, financial counterparts and transactions

Article 2

Reputational impact

Article 3

Duration and service downtime

Article 4

Geographical spread

Article 5

Data losses

Article 6

Criticality of services affected

Article 7

Economic impact

Chapter II (Articles 8 – 9)

Major incidents and materiality thresholds

Article 8

Major incidents

Article 9

Materiality thresholds for determining major incidents

Chapter III (Article 10)

Significant cyber threats

Article 10

High materiality thresholds for determining significant cyber threats

Chapter IV (Articles 11 – 12)

Relevance of major incidents to competent authorities in other Member States and details of reports to be shared with other competent authorities

Article 11

Relevance of major incidents to competent authorities in other Member States

Article 12

Details of major incidents to be shared with other competent authorities

Chapter V (Article 13)

Final provisions

Article 13

Entry into force

RTS RTS on classification of major incidents and significant cyber threats

This is the regulatory technical standard (RTS) on ICT incident classification as adopted by the European Commission. The content provided here is based on the original legal text from EUR-Lex.

This text is provided as-is and should not be relied upon as an authoritative source. Instead consult the Official Journal final version which is published on EUR-Lex as of 25 June 2024.

The full name of the RTS is Commission Delegated Regulation (EU) 2024/1772 of 13 March 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents.

Our commitment is to continuously enhance this platform, improving readability and navigation for your convenience. Stay updated on our progress by following us on LinkedIn, where we announce new features. If you have any questions or suggestions, please feel free to reach out to us at dora@springflod.se.

Enjoy.

Table of Contents

Preamble

1 – 18

Recitals

Chapter I

Classification criteria

Article 1

Clients, financial counterparts and transactions

Article 2

Reputational impact

Article 3

Duration and service downtime

Article 4

Geographical spread

Article 5

Data losses

Article 6

Criticality of services affected

Article 7

Economic impact

Chapter II

Major incidents and materiality thresholds

Article 8

Major incidents

Article 9

Materiality thresholds for determining major incidents

Chapter III

Significant cyber threats

Article 10

High materiality thresholds for determining significant cyber threats

Chapter IV

Relevance of major incidents to competent authorities in other Member States and details of reports to be shared with other competent authorities

Article 11

Relevance of major incidents to competent authorities in other Member States

Article 12

Details of major incidents to be shared with other competent authorities

Chapter V

Final provisions

Article 13

Entry into force