Article 6 | Delegated Regulation 2024/1772

Updated 05/02/2025

Metadata

In force

Initial Legal Act

Amendments

Article 6 - Delegated Regulation 2024/1772

Article 6

Criticality of services affected

For the purpose of determining the criticality of the services affected as referred to in Article 18(1), point (e), of Regulation (EU) 2022/2554, financial entities shall assess whether the incident:

(a)	affects or has affected ICT services or network and information systems that support critical or important functions of the financial entity;

(b)	affects or has affected financial services provided by the financial entity that require authorisation, registration or that are supervised by competent authorities;

(c)	constitutes or has constituted a successful, malicious and unauthorised access to the network and information systems of the financial entity.

Recitals

CHAPTER I - CLASSIFICATION CRITERIA (Article 1-7)Article 1 - Clients, financial counterparts and transactions Article 2 - Reputational impact Article 3 - Duration and service downtime Article 4 - Geographical spread Article 5 - Data losses Article 6 - Criticality of services affected Q&A Article 7 - Economic impact

CHAPTER II - MAJOR INCIDENTS AND MATERIALITY THRESHOLDS (Article 8-9)

CHAPTER III - SIGNIFICANT CYBER THREATS (Article 10)

CHAPTER IV - RELEVANCE OF MAJOR INCIDENTS TO COMPETENT AUTHORITIES IN OTHER MEMBER STATES AND DETAILS OF REPORTS TO BE SHARED WITH OTHER COMPETENT AUTHORITIES (Article 11-12)

CHAPTER V - FINAL PROVISIONS (Article 13)

Metadata

Related documents

Article 6 - Delegated Regulation 2024/1772

Table of contents