Delegated Regulation on ITS for ICT Incident Reporting

Commission Implementing Regulation (EU) laying down implementing technical standards (ITS) for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to the standard forms, templates, and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat

This implementing regulation specifies the templates and procedures that financial entities must use to report major ICT-related incidents and notify significant cyber threats under DORA. It outlines a standardized approach for incident data collection, reporting requirements for third-party providers, and aggregated reporting options. Additionally, it addresses secure submission methods and conditions for reclassifying incidents.