Final Report - Draft Regulatory Technical Standards on the content of the notification and reports for major incidents and significant cyber threats and determining the time limits for reporting major incidents and Draft Implementing Technical Standards on the standard forms, templates and procedures for financial entities to report a major incident and to notify a significant cyber threat (JC 2024 33)

Comparison of Draft Technical Standards: Consultation Paper vs Final Report

The ESAs second set of technical standards under the DORA aimed at enhancing the digital operational resilience of the EU financial sector by strengthening financial entities’ ICT and third-party risk management and incident reporting frameworks.

RTS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats	Consultation	Final Report	Comparison
ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats	Consultation	Final Report	Comparison
RTS on the harmonization of conditions enabling the conduct of the oversight activities	Consultation	Final Report	Comparison
RTS specifying the criteria for determining the composition of the joint examination team (JET)	Consultation	Final Report	Comparison
RTS on threat-led penetration testing (TLPT)	Consultation	Final Report	Comparison
Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents	Consultation	Final Report	Comparison
Guidelines on oversight cooperation	Consultation	Final Report	Comparison

Comparing proposed amendment...


	1. Executive Summary
	2. List of abbreviations
	3. Background and rationale (paras. 1-44)
	3.1 Background (paras. 1-7)
	3.2 Rationale (paras. 8-44)
	4. Draft regulatory technical standards
	Recitals
	Article 1 General provisions
	Article 2 General information to be provided in the major incident initial notification, intermediate and final reports
	Article 3 Content of initial notifications
	Article 4 Content of intermediate reports
	Article 5 Content of final reports
	Article 6 Time limits for the initial notification and intermediate report and final reports referred to in Article 19(4) of Regulation (EU) 2022/2554
	Article 7 Content of the voluntary notification of significant cyber threat
	Article 8 Entry into force
	Done at
	5. Draft implementing technical standards
	Recitals
	Article 1 Standard form for reporting of ICT-related major incidents
	Article 2 Submission of initial notification, intermediate and final reports together
	Article 3 Recurring incidents
	Article 4 Use of secure channels in case of deviation from established channels or time limits
	Article 5 Reclassification of major incidents
	Article 6 Notification of outsourcing of the reporting obligation
	Article 7 Aggregated reporting
	Article 8 Standard form for voluntary reporting of notification of significant cyber threats
	Article 9 Entry into force and application
	Annex I Templates for the reporting of major incidents
	Annex II Data glossary and instructions for the reporting of major incidents
	Annex III Templates for notification of significant cyber threats
	Annex IV Data glossary and instructions for notification of significant cyber threats
	Done at
	6. Accompanying documents
	6.1. Draft cost-benefit analysis / impact assessment
	6.2. Feedback on the public consultation and on the opinion of the ESAs stakeholder groups

RELATED

Document overview

Set a date to view the document

Text comparison

Print / Export Options

Export

Report template

Bookmarks

Search within this document

Request a trial

The best way to experience Better Regulation is to try it - free and without obligation.