EU | Final Draft | Draft RTS
RTS on ICT Incident Classification & Major Incident Thresholds (Final Report)
Final Report on Draft Regulatory Technical Standards specifying the criteria for the classification of ICT-related incidents, materiality thresholds for major incidents and significant cyber threats under Regulation (EU) 2022/2554
Abstract
Final draft Regulatory Technical Standards under DORA specifying harmonised criteria and materiality thresholds for classifying ICT-related incidents, defining major incidents, recurring incidents, and significant cyber threats, and establishing consistent reporting triggers for financial entities across the EU.
Key Takeaways
- Defines common EU-wide criteria for classifying ICT-related incidents and determining when they qualify as major incidents.
- Introduces materiality thresholds for clients, transactions, duration, geographical spread, data loss, and economic impact.
- Makes 'critical services affected' a mandatory condition for major incident classification.
- Sets a €100,000 economic impact threshold and quantitative client/transaction thresholds.
- Establishes treatment of recurring incidents and criteria for identifying significant cyber threats.
Keywords
DORA, ICT incidents, major incident thresholds, classification criteria, JC 2023 83, incident reporting, regulatory technical standards, cyber threats