Article 8 | Implementing Regulation 2025/302

Updated 09/05/2025

Metadata

In force

Initial Legal Act

Amendments

Article 8 - Implementing Regulation 2025/302

Article 8

Notification of significant cyber threats

1. Financial entities that notify significant cyber threats to competent authorities in accordance with Article 19(2) of Regulation (EU) 2022/2554 shall use the template laid down in Annex III to this Regulation and follow the data glossary and instructions set out Annex IV to this Regulation.

2. Financial entities shall ensure that the information contained in the notification of significant cyber threats is complete and accurate.

Recitals Article 1 - Template for reporting ICT-related major incidents Article 2 - Joint submission of initial notification, intermediate and final reports Article 3 - Recurring ICT-related incidents Article 4 - Use of secure electronic channels Article 5 - Reclassification of major ICT-related incidents Article 6 - Notification of outsourcing of the reporting obligations Article 7 - Aggregated reporting Article 8 - Notification of significant cyber threats Article 9 - Entry into force ANNEX I - TEMPLATES FOR THE REPORTING OF MAJOR INCIDENTS ANNEX II - DATA GLOSSARY AND INSTRUCTIONS FOR THE REPORTING OF MAJOR INCIDENTS ANNEX III - TEMPLATES FOR NOTIFICATION OF SIGNIFICANT CYBER THREATS ANNEX IV - DATA GLOSSARY AND INSTRUCTIONS FOR NOTIFICATION OF SIGNIFICANT CYBER THREATS

Metadata

Related documents

Article 8 - Implementing Regulation 2025/302

Table of contents