2025-05-28
Added · Updated
The CSSF issued Circular 25/893 to establish reporting requirements for major ICT-related incidents and significant cyber threats under the Digital Operational Resilience Act. This circular repeals the previous Circular CSSF 21/787, which applied EBA Guidelines on major incident reporting under PSD2. The new regulation updates the framework for financial entities to ensure consistent and timely disclosure of critical cyber risks and incidents.
Published on 28 May 2025
Email this
Share this on LinkedIn
Share this on Facebook
CSSF circular
on reporting of major ICT-related incidents and significant cyber threats under the Digital Operational Resilience Act (DORA)
PDF (207.99Kb)
PDF (148.31Kb)
Related documents
5 January 2024
Circular CSSF 24/847
on ICT-related incident reporting framework
PDF (300.89Kb)
PDF (213.33Kb)
Archived on 28 November 2025
Circular CSSF 21/787 repealed by Circular CSSF 25/893
Application of the EBA Guidelines (EBA/GL/2021/03) on major incident reporting under PSD2
PDF (1.14Mb)