On 10 June 2021, the European Banking Authority (EBA) published revised guidelines on major incident reporting under the revised Payment Services Directive (PSD2). The revised guidelines optimise and simplify the reporting process and templates, focus on incidents with significant impact on payment service providers and improve the meaningfulness of the information to be reported.

The revised guidelines introduce changes to some of the original classification criteria and introduce a new criterion on the breach of security of network or information systems, which, following the feedback from the public consultation, was narrowed down in scope from ‘breach of security measures’, as originally proposed. The revised guidelines are also estimated to reduce the reporting burden for payment service providers.

The revised guidelines will apply as of 1 January 2022.