2024-01-05
Added · Updated
The Commission de Surveillance du Secteur Financier (CSSF) issued Circular 24/847 to establish a comprehensive framework for reporting ICT-related incidents. This regulation supersedes previous guidelines, including Circular 11/504, to align supervisory practices with evolving digital operational resilience standards. It mandates specific notification procedures for significant cyber threats and major incidents affecting financial entities under CSSF supervision.
Published on 5 January 2024
Email this
Share this on LinkedIn
Share this on Facebook
CSSF circular
on ICT-related incident reporting framework
Communiqué of 5 January 2024
PDF (300.89Kb)
PDF (213.33Kb)
Related documents
28 May 2025
Circular CSSF 25/893
on reporting of major ICT-related incidents and significant cyber threats under the Digital Operational Resilience Act (DORA)
PDF (207.99Kb)
PDF (148.31Kb)
Updated on 17 January 2025
Circular CSSF 24/847 Major ICT-related incident notification, DORA Major ICT-related incident and significant cyber threats reporting
User guide
PDF (2.93Mb)
5 January 2024
CSSF FAQ related to Circular CSSF 24/847 on ICT-related incident reporting framework
PDF (341.29Kb)
PDF (331.47Kb)
5 January 2024
CSSF Regulation No 24-01 of 5 January 2024
relating to the notification of incidents according to the Law of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of…
Lien
PDF (49.76Kb)
Archived on 1 June 2024
Circular CSSF 11/504 repealed by Circular CSSF 24/847
Frauds and incidents due to external computer attacks
PDF (316.24Kb)
PDF (342.92Kb)