Regulatory Alerts2025-06-30
Guidance on Incident Reporting under DORA
The Norwegian Financial Supervisory Authority (Finanstilsynet) has issued guidance on incident reporting requirements under the Digital Operational Resilience Act (DORA) to ensure rapid and uniform understanding of ICT incidents and cyber threats across the financial sector. The document details the specific criteria for classifying serious ICT-related incidents, including the mandatory reporting thresholds and the strict deadlines for submitting initial notifications, status reports, and final reports. It further clarifies procedures for voluntary reporting of significant cyber threats, collective reporting by third-party providers, and the outsourcing of reporting obligations while maintaining ultimate responsibility with the financial entity.