DORA – Postponement of notification to financial entities of their obligation to report a major incident on weekends or bank holidays
In a communiqué dated January 15, 2025, the CSSF indicated that it would notify financial entities identified as those which, in accordance with article 5, paragraph 5, of the regulatory technical standards (RTS)1, cannot be exempted from reporting a major incident during weekends and bank holidays when the time limit for submitting notification of that incident falls on a weekend day or a bank holiday. This notification by the CSSF to the concerned financial entities was to have taken place before the end of February.
However, considering that Article 5(5) of the RTS refers to Directive (EU) 2022/2555 of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive), the CSSF informs financial entities that the notification to the concerned financial entities of their obligation to report a major incident on weekends or bank holidays cannot take place until this Directive is transposed at national level and is therefore postponed.
1 Commission Delegated Regulation (EU) 2025/301 of 23 October 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT-related incidents, and the content of the voluntary notification for significant cyber threats
First, please LoginComment After ~