Skip to content
DORA
Source: Delegated regulation - EU - 2024/1772 - EN - EUR-Lex

Overview

COMMISSION DELEGATED REGULATION (EU) 2024/1772

of 13 March 2024

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents

(Text with EEA relevance)

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 1, and in particular Article 18(4), third subparagraph, thereof,

Whereas:

The following recitals,

HAVE ADOPTED THIS REGULATION:

Chapter I CLASSIFICATION CRITERIA
Article 1 Clients, financial counterparts and transactions
Article 2 Reputational impact
Article 3 Duration and service downtime
Article 4 Geographical spread
Article 5 Data losses
Article 6 Criticality of services affected
Article 7 Economic impact
Chapter II MAJOR INCIDENTS AND MATERIALITY THRESHOLDS
Article 8 Major incidents
Article 9 Materiality thresholds for determining major incidents
Chapter III SIGNIFICANT CYBER THREATS
Article 10 High materiality thresholds for determining significant cyber threats
Chapter IV RELEVANCE OF MAJOR INCIDENTS TO COMPETENT AUTHORITIES IN OTHER MEMBER STATES AND DETAILS OF REPORTS TO BE SHARED WITH OTHER COMPETENT AUTHORITIES
Article 11 Relevance of major incidents to competent authorities in other Member States
Article 12 Details of major incidents to be shared with other competent authorities
Chapter V FINAL PROVISIONS
Article 13 Entry into force

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 13 March 2024.

  • For the Commission

    The President

    Ursula VON DER LEYEN

Footnotes

  1. OJ L 333, 27.12.2022, p. 1, ELI: http://data.europa.eu/eli/reg/2022/2554/oj.