My favourites

Chapter III – ICT-related incident management, classification and reporting (Art. 17-23)

Art. 17 DORA - ICT-related incident management process arrow_right_alt

Art. 18 DORA - Classification of ICT-related incidents and cyber threats arrow_right_alt

Art. 19 DORA - Reporting of major ICT-related incidents and voluntary notification of significant cyber threats arrow_right_alt

Art. 20 DORA - Harmonisation of reporting content and templates arrow_right_alt

Art. 21 DORA - Centralisation of reporting of major ICT-related incidents arrow_right_alt

  1. The ESAs, through the Joint Committee, and in consultation with the ECB and ENISA, shall prepare a joint report assessing the feasibility of further centralisation of incident reporting through the establishment of a single EU Hub for major ICT-related incident reporting by financial entities. The joint report shall explore ways to facilitate the flow of ICT-related incident reporting, reduce associated costs and underpin thematic analyses with a view to enhancing supervisory convergence.
  2. The joint report referred to in paragraph 1 shall comprise at least the following elements:
    1. prerequisites for the establishment of a single EU Hub;
    2. benefits, limitations and risks, including risks associated with the high concentration of sensitive information;
    3. the necessary capability to ensure interoperability with regard to other relevant reporting schemes;
    4. elements of operational management;
    5. conditions of membership;
    6. technical arrangements for financial entities and national competent authorities to access the single EU Hub;
    7. a preliminary assessment of financial costs incurred by setting-up the operational platform supporting the single EU Hub, including the requisite expertise.
  3. The ESAs shall submit the report referred to in paragraph 1 to the European Parliament, to the Council and to the Commission by 17 January 2025.
Close tabsclose
  • 55

Recital 55

The ESAs should be tasked with assessing the feasibility and conditions for a possible centralisation of ICT-related incident reports at Union level. Such centralisation could consist of a single EU Hub for major ICT-related incident reporting either directly receiving relevant reports and automatically notifying national competent authorities, or merely centralising relevant reports forwarded by the national competent authorities and thus fulfilling a coordination role. The ESAs should be tasked with preparing, in consultation with the ECB and ENISA, a joint report exploring the feasibility of setting up a single EU Hub.

Art. 22 DORA - Supervisory feedback arrow_right_alt

Art. 23 DORA - Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions arrow_right_alt