ICT Incident Reporting under DORA
DORA's incident-reporting pillar (Articles 17–23) requires financial entities to detect, manage, classify, and report major ICT-related incidents to their competent authority using a harmonised template and defined timelines.
Classification
Incidents are assessed against criteria such as the number of clients affected, duration, geographic spread, data losses, and economic impact to determine whether they are major and therefore reportable.
Reporting timelines
Major incidents follow a three-stage flow, an initial notification, an intermediate report, and a final report, with deadlines set out in the regulatory technical standards. Our incident classifier helps estimate whether an incident is reportable.
Frequently asked questions
What counts as a major incident under DORA?
An incident that meets thresholds across criteria such as clients affected, duration, data loss, and economic impact, as defined in the RTS on classification.