Source: OJ L, 2025/301, 20.2.2025Current language: FR
- Digital operational resilience in the financial sector
ICT-related incidents
- RTS on incident reporting
Article 4 Informations spécifiques à fournir dans les rapports finaux
Summary What does Article 4 of the RTS on incident reporting say?
Article 4 completes the three-part reporting sequence established across Articles 2, 3, and 4 by specifying what must be included in the final report submitted following a major ICT-related incident.
Where the initial notification and intermediate report focus on early detection and ongoing status, this final report is retrospective in nature — it requires financial entities to provide a thorough post-incident account covering root causes, resolution details, and the financial impact of the incident.
Important points:
- Include a full account of root causes, resolution details, and the dates and times the incident was resolved and root causes addressed.
- Report on both direct and indirect costs and losses from the incident, as well as any financial recoveries.
- Where applicable, provide information relevant for resolution authorities and flag any recurring ICT-related incidents.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Les rapports finaux visés à l’article 19, paragraphe 4, point c), du règlement (UE) 2022/2554 contiennent toutes les informations spécifiques suivantes:
des informations sur les causes originelles de l’incident lié aux TIC;
les dates et heures auxquelles l’incident lié aux TIC a été résolu et la ou les causes originelles ont été traitées;
des informations sur la résolution de l’incident lié aux TIC;
le cas échéant, les informations pertinentes pour les autorités de résolution;
des informations sur les coûts et pertes directs et indirects découlant de l’incident lié aux TIC et des informations sur les recouvrements financiers;
le cas échéant, des informations sur les incidents récurrents liés aux TIC.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
sécurité des réseaux et des systèmes d’information
(En. security of network and information systems)
Definition
incident lié aux TIC
(En. ICT-related incident)