Source: OJ L, 2025/301, 20.2.2025Current language: SV
- Digital operational resilience in the financial sector
ICT-related incidents
- RTS on incident reporting
Artikel 6 Innehåll i den frivilliga anmälan av betydande cyberhot
Summary What does Article 6 of the RTS on incident reporting say?
This article sets out what financial entities must include when making a voluntary notification about a significant cyber threat — that is, a cyber threat that could potentially result in a major ICT-related incident, even if it has not yet materialised.
It complements the mandatory incident reporting framework established in earlier articles by addressing this distinct, pre-incident scenario.
The content requirements cover the nature and status of the threat, its potential impact, the classification criteria that would have applied had it escalated into a real incident, and any actions taken or notifications made to other parties.
Important points:
- Include the classification criteria from Delegated Regulation (EU) 2024/1772 that would have triggered a major incident report, treating the voluntary notification as a hypothetical major incident assessment.
- Provide details on the potential impact of the significant cyber threat on your financial entity, its clients, and financial counterparts.
- Notify whether the significant cyber threat has been reported to other financial entities or authorities, ensuring transparency across the broader reporting landscape.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Innehållet i den frivilliga anmälan av betydande cyberhot som avses i artikel 19.2 i förordning (EU) 2022/2554 ska omfatta följande:
Allmän information om den anmälande finansiella entiteten enligt artikel 1.
Datum och klockslag då det betydande cyberhotet upptäcktes och andra relevanta tidsstämplar som har anknytning till det betydande cyberhotet.
En beskrivning av det betydande cyberhotet.
Information om det betydande cyberhotets potentiella inverkan på den finansiella entiteten, dess kunder eller finansiella motparter.
De klassificeringskriterier som skulle ha föranlett en rapport om allvarliga incidenter enligt artiklarna 1–8 i delegerad förordning (EU) 2024/1772 om cyberhotet hade materialiserats.
Information om det betydande cyberhotets status och om eventuella förändringar i hotaktivitet.
I tillämpliga fall, en beskrivning av de åtgärder som den finansiella entiteten har vidtagit för att förhindra att de betydande cyberhoten materialiseras.
Information om alla underrättelser om det betydande cyberhotet till andra finansiella entiteter eller myndigheter.
I tillämpliga fall, information om angreppsindikatorer.
Om tillgänglig, annan relevant information.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
IKT-relaterad incident
(En. ICT-related incident)
Definition
allvarlig betalningsrelaterad operativ incident eller säkerhetsincident
(En. major operational or security payment-related incident)
Definition
allvarlig IKT-relaterad incident
(En. major ICT-related incident)
Definition
cyberhot
(En. cyber threat)
Definition
nätverks- och informationssystem
(En. network and information system)
Definition
säkerhet i nätverks- och informationssystem
(En. security of network and information systems)
Definition
betydande cyberhot
(En. significant cyber threat)
Definition
betalningsrelaterad operativ incident eller säkerhetsincident
(En. operational or security payment-related incident)