DORA RTS on Incident Classification - REGULATION (EU) 2024/1772 | Article 6: Criticality of services affected

Article 6 Criticality of services affected

For the purpose of determining the criticality of the services affected as referred to in Article 18(1), point (e), of Regulation (EU) 2022/2554, financial entities shall assess whether the incident:

(a)
affects or has affected ICT services or network and information systems that support critical or important functions of the financial entity;
(b)
affects or has affected financial services provided by the financial entity that require authorisation, registration or that are supervised by competent authorities;
(c)
constitutes or has constituted a successful, malicious and unauthorised access to the network and information systems of the financial entity.