ESMA_QA_2158
15/04/2024
Subject Matter
Understandig of timelimits of intermediate repots for major related ICT-incidents
Original question
Is our standing of Article 6 of the RTS correct, that an institution should submit more than one intermediate report for a major ICT-incident, if that incident continues over the 72 hours threshold for the initial intermediate report?
Art. 6 states that an institution has to submit a report in case that after 72 hours the incident is not resolved or when the incident is resolved. Our understanding is that the "or" means that an institute has to submit more than one report in case that the incident is resolved after more than 72 hours.
Art. 6 states that an institution has to submit a report in case that after 72 hours the incident is not resolved or when the incident is resolved. Our understanding is that the "or" means that an institute has to submit more than one report in case that the incident is resolved after more than 72 hours.
Status: Question Published
Additional Information
Level 1 Regulation
Regulation (EU) 2022/2554 - The Digital Operational Resilience Act (DORA)
Additional Legal Reference
Draft RTS Article 6 section 1 lit. b)JC 2023 70
Topic
ICT-related incidentÂ