Major incident reporting

Preamble (Recitals 1 – 8)

Recitals

Article 1

General provisions

Article 2

General information to be provided in the major incident initial notification, intermediate and final reports

Article 3

Content of initial notifications

Article 4

Content of intermediate reports

Article 5

Content of final reports

Article 6

Time limits for the initial notification and intermediate report and final reports referred to in Article 19(4) of Regulation (EU)2022/2554

Article 7

Content of the voluntary notification of significant cyber threat

Article 8

Entry into force

Article 4Note: This article is based on the final draft from the ESAs and is not yet adopted. Content of intermediate reports

Financial entitiesas defined in Article 2, points (a) to (t) shall provide at least the following information about the incident in the intermediate report:

  1. incident reference code provided by the competent authorityas defined in Article 46, where applicable;

  2. date and time of occurrence of the incident;

  3. date and time when regular activities have been restored, where applicable;

  4. information about the classification criteria that triggered the incident report;

  5. type of the incident;

  6. threats and techniques used by the threat actor, where applicable;

  7. affected functional areas and business processes;

  8. affected infrastructure components supporting business processes;

  9. impact on the financial interest of clients;

  10. information about reporting to other authorities;

  11. temporary actions/measures taken or planned to be taken to recover from the incident; and

  12. information on indicators of compromise, where applicable.

Table of contents