(1) Where a major operational or security incident occurs, a payment service provider shall, without undue delay, notify the competent authority of its home Member State.
(2) Where an incident to which paragraph (1) applies has or may have an impact on the financial interests of the payment service users of the payment service provider concerned, the payment service provider shall, without undue delay, inform its payment service users of the incident and of all measures that those users can take to mitigate the adverse effects of the incident.
(3) The Bank shall, following receipt of a notification referred to in paragraph (1), without undue delay, provide the relevant details of the incident to the European Banking Authority and to the European Central Bank.
(4) The Bank shall, following receipt of a notification referred to in paragraph (1) and after assessing the relevance of the incident concerned to relevant authorities of the State, notify those authorities accordingly.
(5) Where
…