2025-05-28

Added · Updated

Circular CSSF 25/893 on reporting of major ICT-related incidents and significant cyber threats under DORA

The CSSF issued Circular 25/893 to establish reporting requirements for major ICT-related incidents and significant cyber threats under the Digital Operational Resilience Act. This circular repeals the previous Circular CSSF 21/787, which applied EBA Guidelines on major incident reporting under PSD2. The new regulation updates the framework for financial entities to ensure consistent and timely disclosure of critical cyber risks and incidents.

Commission de Surveillance du Secteur Financier logo

Luxembourg

Commission de Surveillance du Secteur Financier

Click to view thumbnail

Published on 28 May 2025

Email this

Share this on LinkedIn

Share this on Facebook

CSSF circular

on reporting of major ICT-related incidents and significant cyber threats under the Digital Operational Resilience Act (DORA)

PDF (207.99Kb)

PDF (148.31Kb)

Related documents

5 January 2024

Circular CSSF 24/847

on ICT-related incident reporting framework

PDF (300.89Kb)

PDF (213.33Kb)

20 December 2021

Archived on 28 November 2025

Circular CSSF 21/787 repealed by Circular CSSF 25/893

Application of the EBA Guidelines (EBA/GL/2021/03) on major incident reporting under PSD2

PDF (1.14Mb)