Major ICT-Related Incident
A major ICT-related incident is an ICT incident that meets DORA's classification thresholds and must therefore be reported to the competent authority. Classification (Article 18) considers factors such as clients affected, duration, geographic spread, data losses, and economic impact.
Detailed explanation
DORA harmonises how financial entities decide which incidents are serious enough to report. An incident is assessed against materiality criteria set out in the regulation and its technical standards; if the relevant thresholds are crossed, it is 'major' and triggers mandatory reporting on a defined timeline, an initial notification, an intermediate report as understanding develops, and a final report with root-cause analysis. Entities must also notify affected clients where appropriate. Getting classification right matters: over-reporting wastes resources, while under-reporting risks supervisory penalties.
In context
This term relates to the ICT Incident Reporting pillar and is grounded in DORA Article 18.