Article 3 Specific information to be provided in intermediate reports
Intermediate reports as referred to in Article 19(4), point (b), of Regulation (EU) 2022/2554 shall contain at least all of the following specific information:
- (a)where applicable, the incident reference code provided by the competent authority;
- (b)the date and time of occurrence of the ICT-related incident;
- (c)where applicable, the date and time when the financial entity has recovered its regular activities;
- (d)information about how the criteria laid down in Articles 1 to 8 of Delegated Regulation (EU) 2024/1772 have been fulfilled, on the basis of which the financial entity classified the ITC-related incident as major;
- (e)the type of ICT-related incident;
- (f)where applicable, the threats and techniques used by the threat actor;
- (g)affected functional areas and business processes;
- (h)affected infrastructure components supporting business processes;
- (i)impact on the financial interest of clients;
- (j)information about reporting about the ICT-related incident to other authorities;
- (k)temporary actions or measures taken or planned to be taken by the financial entity to recover from the ICT-related incident;
- (l)where applicable, information on indicators of compromise.