Source: OJ L, 2025/301, 20.2.2025Current language: DE
- Digital operational resilience in the financial sector
ICT-related incidents
- RTS on incident reporting
Artikel 4 Spezifische Informationen, die in Abschlussmeldungen enthalten sein müssen
Summary What does Article 4 of the RTS on incident reporting say?
Article 4 completes the three-part reporting sequence established across Articles 2, 3, and 4 by specifying what must be included in the final report submitted following a major ICT-related incident.
Where the initial notification and intermediate report focus on early detection and ongoing status, this final report is retrospective in nature — it requires financial entities to provide a thorough post-incident account covering root causes, resolution details, and the financial impact of the incident.
Important points:
- Include a full account of root causes, resolution details, and the dates and times the incident was resolved and root causes addressed.
- Report on both direct and indirect costs and losses from the incident, as well as any financial recoveries.
- Where applicable, provide information relevant for resolution authorities and flag any recurring ICT-related incidents.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Abschlussmeldungen gemäß Artikel 19 Absatz 4 Buchstabe c der Verordnung (EU) 2022/2554 enthalten mindestens alle nachfolgend genannten spezifischen Informationen:
Angaben zu den Ursachen des IKT-bezogenen Vorfalls,
Datum und Uhrzeit der Behebung des IKT-bezogenen Vorfalls sowie der Beseitigung der zugrunde liegenden Ursache(n),
Angaben dazu, wie dem IKT-bezogenen Vorfall entgegengewirkt wurde,
gegebenenfalls Informationen, die für die Abwicklungsbehörden relevant sind,
Angaben zu direkten und indirekten Kosten und Verlusten, die infolge des IKT-bezogenen Vorfalls entstanden sind, und Angaben zu finanziellen Wiedereinziehungen,
gegebenenfalls Angaben zu wiederholten IKT-bezogenen Vorfällen.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.