Source: OJ L, 2024/1772, 25.6.2024
EN- Digital operational resilience in the financial sector
ICT-related incidents
- RTS on incident classification
Article 2 Reputational impact
For the purposes of determining the reputational impact of the incident as referred to in Article 18(1), point (a), of Regulation (EU) 2022/2554, financial entitiesas defined in Article 2, points (a) to (t) shall consider that a reputational impact has occurred where at least one of the following criteria is met:
the incident has been reflected in the media;
the incident has resulted in repetitive complaints from different clients or financial counterparts on client-facing services or critical business relationships;
the financial entity will not be able to or is likely not to be able to meet regulatory requirements as a result of the incident;
the financial entity will or is likely to lose clients or financial counterparts with a material impact on its business as a result of the incident.
When assessing the reputational impact of the incident, financial entitiesas defined in Article 2, points (a) to (t) shall take into account the level of visibility that the incident has gained or is likely to gain in relation to each criterion listed in paragraph 1.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.