Source: OJ L, 2025/302, 20.2.2025
Article 5 Reclassification of major ICT-related incidents
Summary
What does Article 5 of the ITS on templates for incident reporting say?
This article addresses the scenario where a financial entity, upon further review, determines that an ICT-related incident it previously reported as major never actually met the classification criteria for being major in the first place.
It sets out the procedure for correcting that classification by formally notifying the competent authority of the reclassification from major to non-major.
This article acts as a corrective mechanism that sits alongside the broader reporting framework established in earlier articles of this regulation.
Important points:
- If you previously reported an incident as major but later conclude it never met the threshold, notify the competent authority of the reclassification.
- Use the template in Annex II, specifically the fields 'type of report' and 'other information', to communicate the reclassification.
- The trigger is a conclusion that the incident never fulfilled the classification criteria at any point in time, not merely that it ceased to qualify after the fact.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
If, after further assessment, the financial entity concludes that the ICT-related incident previously reported as a major incident at no time fulfilled the classification criteria or reached the thresholds referred to in Article 8 of Delegated Regulation (EU) 2024/1772, it shall notify the competent authority that it has reclassified the ICT-related incident from major to non-major, providing the information relating to that reclassification by means of the template set out in Annex II to this Regulation as regards the fields 'type of submission' and 'other information'.
Springlex: this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
security of network and information systems
Definition
ICT-related incident