Article 3 Incidents récurrents liés aux TIC

Summary What does Article 3 of the ITS on templates for incident reporting say?

This brief article addresses a specific edge case in incident reporting: where a series of individually non-major ICT-related incidents, when viewed together, cumulatively satisfy the threshold for a single major ICT-related incident.

In such scenarios, financial entities are required to report that information in an aggregated form rather than as separate individual reports.

The conditions for what constitutes a major ICT-related incident in this cumulative context are defined by reference to Article 8(2) of Delegated Regulation (EU) 2024/1772.

Important points:

Where your non-major recurring ICT incidents cumulatively meet the criteria for a major ICT-related incident, report them in aggregated form rather than individually.
The threshold for determining when cumulative incidents qualify as one major incident is set out in Article 8(2) of Delegated Regulation (EU) 2024/1772.
This obligation applies to financial entities providing information on recurring, non-major ICT-related incidents.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

Les entités financières qui fournissent des informations sur les incidents récurrents non majeurs liés aux TIC qui remplissent cumulativement les conditions applicables à un incident majeur lié aux TIC énoncées à l’article 8, paragraphe 2, du règlement délégué (UE) 2024/1772 transmettent ces informations sous une forme agrégée.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.