Article 5 | Implementing Regulation 2025/302

Updated 09/05/2025

Metadata

In force

Initial Legal Act

Amendments

Article 5 - Implementing Regulation 2025/302

Article 5

Reclassification of major ICT-related incidents

Where after further assessment, the financial entity concludes that the ICT-related incident previously reported as major, at no time fulfilled the classification criteria and thresholds set out in Article 8 of Delegated Regulation (EU) 2024/1772, the financial entity shall notify to the competent authority that it has reclassified the ICT-related incident from major to non-major by providing the information about that reclassification in the template laid down in Annex II to this Regulation in relation to the fields ‘type of report’ and ‘other information’.

Recitals Article 1 - Template for reporting ICT-related major incidents Article 2 - Joint submission of initial notification, intermediate and final reports Article 3 - Recurring ICT-related incidents Article 4 - Use of secure electronic channels Article 5 - Reclassification of major ICT-related incidents Article 6 - Notification of outsourcing of the reporting obligations Article 7 - Aggregated reporting Article 8 - Notification of significant cyber threats Article 9 - Entry into force ANNEX I - TEMPLATES FOR THE REPORTING OF MAJOR INCIDENTS ANNEX II - DATA GLOSSARY AND INSTRUCTIONS FOR THE REPORTING OF MAJOR INCIDENTS ANNEX III - TEMPLATES FOR NOTIFICATION OF SIGNIFICANT CYBER THREATS ANNEX IV - DATA GLOSSARY AND INSTRUCTIONS FOR NOTIFICATION OF SIGNIFICANT CYBER THREATS

Metadata

Related documents

Article 5 - Implementing Regulation 2025/302

Table of contents