Artikel 8 Anmälan av betydande cyberhot

Summary What does Article 8 of the ITS on templates for incident reporting say?

This brief article addresses the procedural requirements for financial entities that choose to notify competent authorities of significant cyber threats.

It mirrors the approach taken in earlier articles of this regulation regarding major ICT-related incident reporting, but applies specifically to the voluntary notification pathway for significant cyber threats under DORA.

Rather than leaving the format open-ended, the article directs financial entities to use a dedicated template and accompanying glossary — namely Annex III and Annex IV — and places a clear obligation on the accuracy and completeness of the information submitted.

Important points:

Use Annex III as the prescribed template and Annex IV as the data glossary when notifying competent authorities of significant cyber threats.
Ensure all information submitted in the notification is complete and accurate.
This article applies specifically to the voluntary notification of significant cyber threats, which are threats that could potentially result in a major ICT-related incident, as distinct from the mandatory major incident reporting covered elsewhere in the regulation.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

1. Finansiella entiteter som anmäler betydande cyberhot till behöriga myndigheter i enlighet med artikel 19.2 i förordning (EU) 2022/2554 ska använda mallen i bilaga III till denna förordning och följa ordlistan och instruktionerna i bilaga IV till denna förordning.
1. Finansiella entiteter ska säkerställa att informationen i anmälan av betydande cyberhot är fullständig och korrekt.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.