Source: OJ L, 2024/1620, 19.6.2024Current language: SV
- Anti-money laundering
Basic legislative acts
- Anti-money laundering authority regulation (AMLAR)
Artikel 83 It-säkerhet
Summary What does Article 83 of the Anti-money laundering authority regulation (AMLAR) say?
This article sets out the IT governance and cybersecurity requirements for the Authority itself.
It establishes that IT governance sits at the level of the Executive Director, who is responsible for managing the IT budget and reporting to the Executive Board on compliance with IT security rules.
The article also mandates a transparent allocation of IT expenditure to direct security and requires the establishment of an IT security monitoring and response service, with a specific reporting obligation to CERT-EU and the Commission in the event of major incidents.
Important points:
- The Authority must establish internal IT governance at the Executive Director level, including budget management and regular compliance reporting to the Executive Board.
- A sufficient and transparent share of IT expenditure must be allocated to direct IT security, with contributions to CERT-EU counting toward that share.
- Major IT security incidents must be reported to both CERT-EU and the Commission within 24 hours of detection.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Myndigheten ska inrätta en intern enhet för it-styrning på verkställande direktörens nivå som ska upprätta och förvalta it-budgeten och rapportera regelbundet till direktionen om uppfyllandet av gällande regler och standarder för it-säkerhet.
Myndigheten ska se till att en tillräcklig andel av dess it-utgifter anslås till direkt it-säkerhet på ett transparent sätt. Bidraget till cybersäkerhetstjänsten för unionens institutioner, organ och byråer (CERT-EU) får räknas in i den andelen.
En lämplig it-säkerhetstjänst för övervakning, upptäckt och hantering ska upprättas med hjälp av CERT-EU. Större incidenter ska rapporteras till CERT-EU och kommissionen inom 24 timmar efter det att de upptäckts.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.