RTS (EU) 2024/1772 – Incident Classification
| Property | Value |
|---|---|
| Number | Delegated Regulation (EU) 2024/1772 |
| DORA Article | Art. 18(3) |
| Pillar | P2 – Incident Reporting |
| Publication | 25.06.2024 |
| Applicable since | 17.01.2025 |
| EUR-Lex | Link |
Content
Specifies the 7 classification criteria for ICT-related incidents and cyber threats:
- Affected clients/financial counterparties
- Reputational impact
- Downtime of critical services
- Geographic spread
- Data loss (CIA triad)
- Criticality of affected services
- Economic impact
Defines materiality thresholds and provides practical examples for applying the criteria.
→ Details: P2: Incident Reporting