Documents – Page 67

Newsletter

Document date: 26 March 2024

CSSF Newsletter No 278 – March 2024

Studies and reports

Document date: 25 March 2024

Final report on draft ITS on Register of Information

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Data Reporting Service Providers (DRSPs) E-money institutions Investment firms Investment fund managers Payment institutions Virtual Asset Service Providers (VASPs)

Topics: Cybersecurity Information and communications technology (ICT) Information security

RTS

Document date: 25 June 2024

Commission Delegated Regulation (EU) 2024/1774 of 13 March 2024

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

RTS

Document date: 25 June 2024

Commission Delegated Regulation (EU) 2024/1773 of 13 March 2024

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

RTS

Document date: 25 June 2024

Commission Delegated Regulation (EU) 2024/1772 of 13 March 2024

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

EU regulation

Document date: 30 May 2024

Commission Delegated Regulation (EU) 2024/1502 of 22 February 2024

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council by specifying the criteria for the designation of ICT third-party service providers as critical for financial entities

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

EU regulation

Document date: 30 May 2024

Commission Delegated Regulation (EU) 2024/1505 of 22 February 2024

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council by determining the amount of the oversight fees to be charged by the Lead Overseer to critical ICT third-party service providers and the way in which those fees are to be paid

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

EU directive

Document date: 27 December 2022

Directive (EU) 2022/2556 of the European Parliament and of the Council of 14 December 2022

amending Directives 2009/65/EC, 2009/138/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 as regards digital operational resilience for the financial sector (Text with EEA relevance)

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

EU regulation

Document date: 27 December 2022

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022

on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance)

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

EU regulation

Document date: 22 March 2024

Council Implementing Regulation (EU) 2024/952 of 22 March 2024

implementing Regulation (EU) 2020/1998 concerning restrictive measures against serious human rights violations and abuses

Main topics: Financial crime

Topics: International sanctions Restrictive measures Ukraine

Name	Description	Duration
cssf_cookies	Saves information regarding the user's consent to the use of cookies for each optional category.	1 year
ROUTEID	Technical cookie allowing load distribution.	Deleted when the browsing session ends
TBMCookie*	Security: This cookies protects the website against automated attacks.	Deleted when the browsing session ends
__utmvc	These first party cookies are set by a third party service to filter out malicious requests.	Deleted when the browsing session ends
__utmvm*	These first party cookies are set by a third party service to filter out malicious requests.	15 minutes

Name	Description	Duration
cssf_profile	This cookie adapts the website pages to the profile chosen by the visitor (professionals, markets, consumers).	1 year
pll_language	This cookie saves the user’s language choice.	1 year

Name	Description	Duration
_pk_id.#	Collects anonymous statistical data on the website consultations, such as the number of visits or the average time spent on the website. The data is processed in-house and is not shared with a third party.	1 year
_pk_ses.#	Collects anonymous statistical data for the tracking of the pages consulted during the browsing session. The data is processed in-house and is not shared with a third party.	30 minutes

Archives: Documents