2024-01-05

Added · Updated

Circular CSSF 24/847 on ICT-related incident reporting framework

The Commission de Surveillance du Secteur Financier (CSSF) issued Circular 24/847 to establish a comprehensive framework for reporting ICT-related incidents. This regulation supersedes previous guidelines, including Circular 11/504, to align supervisory practices with evolving digital operational resilience standards. It mandates specific notification procedures for significant cyber threats and major incidents affecting financial entities under CSSF supervision.

Commission de Surveillance du Secteur Financier logo

Luxembourg

Commission de Surveillance du Secteur Financier

Click to view thumbnail

Published on 5 January 2024

Email this

Share this on LinkedIn

Share this on Facebook

CSSF circular

on ICT-related incident reporting framework

Communiqué of 5 January 2024

PDF (300.89Kb)

PDF (213.33Kb)

Related documents

28 May 2025

Circular CSSF 25/893

on reporting of major ICT-related incidents and significant cyber threats under the Digital Operational Resilience Act (DORA)

PDF (207.99Kb)

PDF (148.31Kb)

27 March 2024

Updated on 17 January 2025

Circular CSSF 24/847 Major ICT-related incident notification, DORA Major ICT-related incident and significant cyber threats reporting

User guide

PDF (2.93Mb)

5 January 2024

CSSF FAQ related to Circular CSSF 24/847 on ICT-related incident reporting framework

PDF (341.29Kb)

PDF (331.47Kb)

5 January 2024

CSSF Regulation No 24-01 of 5 January 2024

relating to the notification of incidents according to the Law of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of…

Lien

PDF (49.76Kb)

11 March 2011

Archived on 1 June 2024

Circular CSSF 11/504 repealed by Circular CSSF 24/847

Frauds and incidents due to external computer attacks

PDF (316.24Kb)

PDF (342.92Kb)