Article 5 | Delegated Regulation 2024/1772

Updated 05/02/2025

Metadata

In force

Initial Legal Act

Amendments

Article 5 - Delegated Regulation 2024/1772

Article 5

Data losses

For the purpose of determining the data losses that the incident entails as referred to in Article 18(1), point (d), of Regulation (EU) 2022/2554, financial entities shall take into account the following:

(a)	in relation to the availability of data, whether the incident has rendered the data on demand by the financial entity, its clients or its counterparts temporarily or permanently inaccessible or unusable;

(b)	in relation to the authenticity of data, whether the incident has compromised the trustworthiness of the source of data;

(c)	in relation to the integrity of data, whether the incident has resulted in non-authorised modification of data that has rendered it inaccurate or incomplete;

(d)	in relation to the confidentiality of data, whether the incident has resulted in data having been accessed by or disclosed to an unauthorised party or system.

Recitals

CHAPTER I - CLASSIFICATION CRITERIA (Article 1-7)Article 1 - Clients, financial counterparts and transactions Article 2 - Reputational impact Article 3 - Duration and service downtime Article 4 - Geographical spread Article 5 - Data losses Article 6 - Criticality of services affected Q&A Article 7 - Economic impact

CHAPTER II - MAJOR INCIDENTS AND MATERIALITY THRESHOLDS (Article 8-9)

CHAPTER III - SIGNIFICANT CYBER THREATS (Article 10)

CHAPTER IV - RELEVANCE OF MAJOR INCIDENTS TO COMPETENT AUTHORITIES IN OTHER MEMBER STATES AND DETAILS OF REPORTS TO BE SHARED WITH OTHER COMPETENT AUTHORITIES (Article 11-12)

CHAPTER V - FINAL PROVISIONS (Article 13)

Metadata

Related documents

Article 5 - Delegated Regulation 2024/1772

Table of contents