Article 6 Content of the voluntary notification of significant cyber threats


The content of the voluntary notification in relation to significant cyber threats means a cyber threat the technical characteristics of which indicate that it could have the potential to result in a major ICT-related incident or a major operational or security payment-related incident; as referred to in Article 19(2) of Regulation (EU) 2022/2554 shall cover all of the following:

  1. general information about the notifying financial entity as set out in Article 1;

  2. the date and time of detection of the significant cyber threat means a cyber threat the technical characteristics of which indicate that it could have the potential to result in a major ICT-related incident or a major operational or security payment-related incident; and any other relevant timestamps related to the significant cyber threat means a cyber threat the technical characteristics of which indicate that it could have the potential to result in a major ICT-related incident or a major operational or security payment-related incident;;

  3. a description of the significant cyber threat means a cyber threat the technical characteristics of which indicate that it could have the potential to result in a major ICT-related incident or a major operational or security payment-related incident;;

  4. information about the potential impact of the significant cyber threat means a cyber threat the technical characteristics of which indicate that it could have the potential to result in a major ICT-related incident or a major operational or security payment-related incident; on the financial entity, its clients, or financial counterparts;

  5. the classification criteria that would have triggered a major incident report laid down in Articles 1 to 8 of Delegated Regulation (EU) 2024/1772 if the cyber threat means ‘cyber threat’ as defined in Article 2, point (8), of Regulation (EU) 2019/881; had materialised;

  6. information about the status of the significant cyber threat means a cyber threat the technical characteristics of which indicate that it could have the potential to result in a major ICT-related incident or a major operational or security payment-related incident; and any changes in the threat activity;

  7. where applicable, a description of the actions taken by the financial entity to prevent the materialisation of the significant cyber threats means a cyber threat the technical characteristics of which indicate that it could have the potential to result in a major ICT-related incident or a major operational or security payment-related incident;;

  8. information about any notification of the significant cyber threat means a cyber threat the technical characteristics of which indicate that it could have the potential to result in a major ICT-related incident or a major operational or security payment-related incident; to other financial entitiesas defined in Article 2, points (a) to (t) or authorities;

  9. where applicable, information on indicators of compromise;

  10. where available, any other relevant information.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod