Commission Delegated Regulation (EU) 2024/1772 of 13 March 2024 supplements Regulation (EU) 2022/2554 by establishing regulatory technical standards (RTS) that specify the criteria for classifying ICT-related incidents and cyber threats within the financial sector. It sets out detailed materiality thresholds to determine when an incident qualifies as a major ICT-related incident, based on criteria such as the number and relevance of clients affected, data losses, duration and service downtime, geographical spread, reputational and economic impact, and whether critical services are affected. The regulation also specifies the detailed content and format of reports that financial entities must submit for major incidents, ensuring harmonized and streamlined reporting across the EU. Furthermore, it addresses the classification of significant cyber threats by assessing their potential impact on critical or important business functions and the likelihood of their materialization. This framework aims to enhance digital operational resilience by providing clear guidance on incident classification and reporting obligations under the Digital Operational Resilience Act (DORA).
Publication's URL
URL: https://eur-lex.europa.eu/eli/reg_del/2024/1772/oj/eng
Publication's scorecard
Country: EU
Scope: Cyber
Typology: Regulation
Publication's date: March 13, 2024
Category: Cyber Resilience
Sector: Finance
Rating: