Regulatory Alerts2021-10-29
Communication of 29 October 2021: Implementation for Payment Service Providers of the Updated EBA Guidelines on Major Incident Reporting under PSD2 (EBA/GL/2021/03)
The Bank of Italy issues this communication to implement the updated EBA Guidelines on major incident reporting under PSD2 for payment service providers, effective January 1, 2022. The document establishes new criteria for classifying security breaches and simplifies reporting obligations by extending initial report deadlines to four hours after classification and limiting interim reports to incidents lasting over three working days. Payment service providers must continue to report directly to the Bank of Italy, with significant banks maintaining a two-hour notification window to align with ECB cyber incident requirements.
Share