Source: OJ L, 2025/302, 20.2.2025Current language: DE
- Digital operational resilience in the financial sector
ICT-related incidents
- ITS on templates for incident reporting
Artikel 3 Wiederholte IKT-bezogene Vorfälle
Summary What does Article 3 of the ITS on templates for incident reporting say?
This brief article addresses a specific edge case in incident reporting: where a series of individually non-major ICT-related incidents, when viewed together, cumulatively satisfy the threshold for a single major ICT-related incident.
In such scenarios, financial entities are required to report that information in an aggregated form rather than as separate individual reports.
The conditions for what constitutes a major ICT-related incident in this cumulative context are defined by reference to Article 8(2) of Delegated Regulation (EU) 2024/1772.
Important points:
- Where your non-major recurring ICT incidents cumulatively meet the criteria for a major ICT-related incident, report them in aggregated form rather than individually.
- The threshold for determining when cumulative incidents qualify as one major incident is set out in Article 8(2) of Delegated Regulation (EU) 2024/1772.
- This obligation applies to financial entities providing information on recurring, non-major ICT-related incidents.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Finanzunternehmen, die Informationen über wiederholte nicht schwerwiegende IKT-bezogene Vorfälle bereitstellen, die zusammen die Voraussetzungen für einen schwerwiegenden IKT-bezogenen Vorfall gemäß Artikel 8 Absatz 2 der Delegierten Verordnung (EU) 2024/1772 erfüllen, übermitteln diese Informationen in aggregierter Form.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.