Reporting Major ICT-related Incidents and Significant Cyber Threats under DORA

From 17 January 2025, financial entities subject to the Digital Operational Resilience Act (DORA) (Regulation (EU) 2022/2554) will be obliged to submit reports on major ICT-related incidents to the Central Bank, where the required criteria and thresholds have been met. In scope financial entities may also submit reports on significant cyber threats. Information to support financial entities in the submission of these reports via the Central Bank Portal is provided below.

Key documents to support in scope financial entities with the submission process include:

• Guide to submitting major ICT – related incidents and significant cyber threats reports to the Central Bank Portal  (Will be published 16 January)
• Major ICT-related Incident Reporting Template (XLSX 133.34KB)
• Significant Cyber Threat Reporting Template (XLSX 70.28KB)

The major ICT-related incident reporting template and significant cyber threat reporting template are to be used by in scope financial entities when submitting a major ICT-related incident and significant cyber threat report respectively. These templates have been designed by the European Supervisory Authorities. Please note that minor updates may be made to these in the coming months.

Further information on the reporting requirements are contained in the following documents: