Regulatory Alerts2025-06-30
User Guide for Incident Reporting under DORA
The Norwegian Financial Supervisory Authority mandates that financial entities report serious ICT-related incidents via Altinn form KRT-3190 starting July 1, 2025. The guide details the step-by-step submission process, including initial notifications, follow-up reports, and aggregated reporting for group entities, while establishing Excel as the backup method for technical failures. Additionally, significant cyber threats must be reported via form KRT-3191, and the previous PSD2 incident reporting form is discontinued.
Share