Artikel 4 Särskild information som ska lämnas i en slutrapport

Summary What does Article 4 of the RTS on incident reporting say?

Article 4 completes the three-part reporting sequence established across Articles 2, 3, and 4 by specifying what must be included in the final report submitted following a major ICT-related incident.

Where the initial notification and intermediate report focus on early detection and ongoing status, this final report is retrospective in nature — it requires financial entities to provide a thorough post-incident account covering root causes, resolution details, and the financial impact of the incident.

Important points:

Include a full account of root causes, resolution details, and the dates and times the incident was resolved and root causes addressed.
Report on both direct and indirect costs and losses from the incident, as well as any financial recoveries.
Where applicable, provide information relevant for resolution authorities and flag any recurring ICT-related incidents.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

En slutrapport enligt artikel 19.4 c i förordning (EU) 2022/2554 ska innehålla åtminstone följande specifika uppgifter:

Information om bakomliggande orsaker till den IKT-relaterade incidenten.
Datum och klockslag då den IKT-relaterade incidenten åtgärdades och de bakomliggande orsakerna hanterades.
Information om hur den IKT-relaterade incidenten åtgärdades.
I tillämpliga fall, information som är relevant för resolutionsmyndigheter.
Information om direkta och indirekta kostnader och förluster till följd av den IKT-relaterade incidenten samt information om finansiella återkrav.
I tillämpliga fall, information om återkommande IKT-relaterade incidenter.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.