2020-08-25

Circular CSSF 20/750 on ICT and Security Risk Management Requirements

The Commission de Surveillance du Secteur Financier (CSSF) issued Circular 20/750, subsequently amended by Circulars 22/828 and 25/881, to establish comprehensive requirements for information and communication technology (ICT) and security risk management. These regulations mandate that supervised entities implement robust governance frameworks, risk assessment procedures, and operational resilience measures to mitigate ICT-related threats. The updates ensure that financial sector participants maintain adequate controls and reporting mechanisms to safeguard their digital infrastructure and data integrity.

Luxembourg

Commission de Surveillance du Secteur Financier

Published on 25 August 2020

Updated on 9 April 2025

CSSF circular

Requirements regarding information and communication technology (ICT) and security risk management

Contact: Questions and comments regarding the “PSP ICT Assessment” form: pspictassessment@cssf.lu

PDF (293.42Kb)

PDF (239.88Kb)

Related documents

9 April 2025

Circular CSSF 25/881

amending Circular CSSF 20/750 on requirements regarding information and communication technology (ICT) and security risk management

PDF (425.02Kb)

PDF (380.9Kb)

29 December 2022

Circular CSSF 22/828

Amendment of Circular CSSF 20/750 on requirements regarding information and communication (ICT) and security risk management

PDF (112.73Kb)

PDF (115.03Kb)