Artikel 8 Meldung erheblicher Cyberbedrohungen

Summary What does Article 8 of the ITS on templates for incident reporting say?

This brief article addresses the procedural requirements for financial entities that choose to notify competent authorities of significant cyber threats.

It mirrors the approach taken in earlier articles of this regulation regarding major ICT-related incident reporting, but applies specifically to the voluntary notification pathway for significant cyber threats under DORA.

Rather than leaving the format open-ended, the article directs financial entities to use a dedicated template and accompanying glossary — namely Annex III and Annex IV — and places a clear obligation on the accuracy and completeness of the information submitted.

Important points:

Use Annex III as the prescribed template and Annex IV as the data glossary when notifying competent authorities of significant cyber threats.
Ensure all information submitted in the notification is complete and accurate.
This article applies specifically to the voluntary notification of significant cyber threats, which are threats that could potentially result in a major ICT-related incident, as distinct from the mandatory major incident reporting covered elsewhere in the regulation.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

1. Finanzunternehmen, die den zuständigen Behörden gemäß Artikel 19 Absatz 2 der Verordnung (EU) 2022/2554 erhebliche Cyberbedrohungen melden, verwenden die Vorlage in Anhang III dieser Verordnung und befolgen das Datenglossar und die Anleitung in Anhang IV dieser Verordnung.
1. Finanzunternehmen stellen sicher, dass die in der Meldung erheblicher Cyberbedrohungen enthaltenen Informationen vollständig und korrekt sind.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.