Source: OJ L, 2024/1772, 25.6.2024
EN- Digital operational resilience in the financial sector
ICT-related incidents
- RTS on incident classification
Article 8 Major incidents
An incident shall be considered a major incident for the purposes of Article 19(1) of Regulation (EU) 2022/2554 where it has affected critical services as referred to in Article 6 and where either of the following conditions is fulfilled:
the materiality threshold referred to in Article 9(5), point (b), is met;
two or more of the other materiality thresholds referred to in Articles 9(1) to (6) are met.
Recurring incidents that individually are not considered a major incident in accordance with paragraph 1 shall be considered as one major incident where they meet all of the following conditions:
they have occurred at least twice within 6 months;
they have the same apparent root cause as referred to in Article 20, first subparagraph, point (b) of Regulation (EU) 2022/2554;
they collectively fulfil the criteria for being considered a major incident set out in paragraph 1.
Financial entitiesas defined in Article 2, points (a) to (t) shall assess the existence of recurring incidents on a monthly basis.
This paragraph does not apply to microenterprises means a financial entity, other than a trading venue, a central counterparty, a trade repository or a central securities depository, which employs fewer than 10 persons and has an annual turnover and/or annual balance sheet total that does not exceed EUR 2 million; and to financial entitiesas defined in Article 2, points (a) to (t) listed in Article 16(1) of Regulation (EU) 2022/2554.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.