Updated 09/05/2025
In force since 12/03/2025

Initial Legal Act
References (4)
eba.europa.eu/activities/single-rulebook/regulatory-activities/operational-resilience/joint-technical-standards
20/02/2025
Implementing Regulation 2025/302 published in OJ
17/07/2024
JC 2024 33
Final Draft published
17/07/2024
JC 2024 33
Final Draft published
17/07/2024
JC 2024 33
Final Draft published
08/12/2023
JC/2023/70
Consultation published
27/11/2023
JC/2023/70
Consultation published
27/11/2023
JC/2023/70
Consultation published
Search within this legal act
DORA ToolImplementing Regulation 2025/302

Implementing Regulation 2025/302

Commission Implementing Regulation (EU) 2025/302 of 23 October 2024 laying down implementing technical standards for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to the standard forms, templates, and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat

RecitalsArticle 1 - Template for reporting ICT-related major incidentsArticle 2 - Joint submission of initial notification, intermediate and final reportsArticle 3 - Recurring ICT-related incidentsArticle 4 - Use of secure electronic channelsArticle 5 - Reclassification of major ICT-related incidentsArticle 6 - Notification of outsourcing of the reporting obligationsArticle 7 - Aggregated reporting Article 8 - Notification of significant cyber threatsArticle 9 - Entry into forceANNEX I - TEMPLATES FOR THE REPORTING OF MAJOR INCIDENTSANNEX II - DATA GLOSSARY AND INSTRUCTIONS FOR THE REPORTING OF MAJOR INCIDENTSANNEX III - TEMPLATES FOR NOTIFICATION OF SIGNIFICANT CYBER THREATSANNEX IV - DATA GLOSSARY AND INSTRUCTIONS FOR NOTIFICATION OF SIGNIFICANT CYBER THREATS