Regulatory Alerts2025-06-23
Instruction No. 2025-I-10 on Major ICT Incident Reporting and Voluntary Notification of Significant Cyber Threats to the ACPR
The Autorité de contrôle prudentiel et de résolution (ACPR) issued Instruction No. 2025-I-10 to mandate major ICT incident reporting and enable voluntary notification of significant cyber threats by designated financial entities. The instruction applies to a comprehensive list of banking, payment, investment, insurance, and reinsurance firms, requiring them to adhere to EU Digital Operational Resilience Act standards. These obligations become effective on July 1, 2025, with technical submissions required via JSON teletransmission to the ACPR General Secretariat.
Share