On 23 October 2024, the European Commission adopted:
- Commission Delegated Regulation (EU) supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards (RTS) specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT-related incidents, and the content of the voluntary notification for significant cyber threats.
- Commission Implementing Regulation (EU) laying down implementing technical standards (ITS) for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to the standard forms, templates, and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat.
The RTS and ITS are based on drafts that the Joint Committee of the European Supervisory Authorities published earlier this year.
The Council of the EU and the European Parliament will scrutinise the Delegated Regulation. If neither object, it will be published in the Official Journal of the European Union (OJ).
The Implementing Regulation will be published in the OJ without further scrutiny.
Both will enter into force 20 days after publication in the OJ.