Source: OJ L, 2024/1620, 19.6.2024Current language: FR
- Anti-money laundering
Basic legislative acts
- Anti-money laundering authority regulation (AMLAR)
Article 83 Sécurité informatique
Summary What does Article 83 of the Anti-money laundering authority regulation (AMLAR) say?
This article sets out the IT governance and cybersecurity requirements for the Authority itself.
It establishes that IT governance sits at the level of the Executive Director, who is responsible for managing the IT budget and reporting to the Executive Board on compliance with IT security rules.
The article also mandates a transparent allocation of IT expenditure to direct security and requires the establishment of an IT security monitoring and response service, with a specific reporting obligation to CERT-EU and the Commission in the event of major incidents.
Important points:
- The Authority must establish internal IT governance at the Executive Director level, including budget management and regular compliance reporting to the Executive Board.
- A sufficient and transparent share of IT expenditure must be allocated to direct IT security, with contributions to CERT-EU counting toward that share.
- Major IT security incidents must be reported to both CERT-EU and the Commission within 24 hours of detection.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
L’Autorité met en place, au niveau du directeur exécutif, une gouvernance informatique interne qui établit et gère le budget informatique et fait régulièrement rapport au conseil exécutif sur le respect des règles et normes de sécurité informatique applicables.
L’Autorité veille à ce qu’une part suffisante de ses dépenses informatiques soit affectée de manière transparente à la sécurité informatique directe. La contribution au service de cybersécurité pour les institutions, organes et organismes de l’Union (CERT-UE) peut être comptabilisée dans cette part.
Un service adéquat de suivi, de détection et d’intervention en matière de sécurité informatique est mis en place, à l’aide des services de la CERT-UE. Les incidents majeurs sont signalés à la CERT-UE et à la Commission dans les 24 heures suivant leur détection.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.