Documents – Page 81

CSSF circular

Document date: 29 March 2024

Circular CSSF 24/856

Protection of investors in case of an NAV calculation error, an instance of non-compliance with the investment rules and other errors at UCI level

Relevant for: Investment companies in risk capital (SICARs) Specialised investment funds (SIFs) Undertakings for collective investment in transferable securities (UCITS) Undertakings for collective investment subject to Part II of the Law of 17 December 2010 (Part II UCIs)

Topics: Accounting AIF (alternative investment fund) Approved statutory auditor (réviseur d'entreprises agréé) Asset valuation Depositary ELTIF EuSEF EuVECA Internal governance Investor protection Money Market Fund (MMF) NAV calculation Risk management UCI administration

CSSF circular

Document date: 27 March 2024

Archived since 12 May 2026

Circular CSSF-CPDI 24/40 (outdated)

Survey on the amount of covered deposits held on 31 March 2024

Relevant for: Credit institutions

Topics: Deposit Guarantee Schemes Depositor and Investor Protection Board (CPDI) Luxembourg Deposit Guarantee Fund (FGDL)

Technical document

Document date: 27 March 2024

Circular CSSF 24/847 Major ICT-related incident notification, DORA Major ICT-related incident and significant cyber threats reporting

User guide

Relevant for: Management companies - Chapter 16 Payment institutions Specialised PFS Support PFS

Topics: Cybersecurity eDesk Information and communications technology (ICT) Information security

Studies and reports

Document date: 25 March 2024

Final report on draft ITS on Register of Information

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Data Reporting Service Providers (DRSPs) E-money institutions Investment firms Investment fund managers Payment institutions Virtual Asset Service Providers (VASPs)

Topics: Cybersecurity Information and communications technology (ICT) Information security

RTS

Document date: 25 June 2024

Commission Delegated Regulation (EU) 2024/1774 of 13 March 2024

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

RTS

Document date: 25 June 2024

Commission Delegated Regulation (EU) 2024/1773 of 13 March 2024

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

RTS

Document date: 25 June 2024

Commission Delegated Regulation (EU) 2024/1772 of 13 March 2024

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

EU regulation

Document date: 30 May 2024

Commission Delegated Regulation (EU) 2024/1502 of 22 February 2024

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council by specifying the criteria for the designation of ICT third-party service providers as critical for financial entities

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

EU regulation

Document date: 30 May 2024

Commission Delegated Regulation (EU) 2024/1505 of 22 February 2024

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council by determining the amount of the oversight fees to be charged by the Lead Overseer to critical ICT third-party service providers and the way in which those fees are to be paid

Main topics: ICT and cyber risk – for DORA entities

Relevant for: Central Securities Depositories (CSDs) Credit institutions Crowdfunding service providers Crypto-Assets Service Providers (CASPs) Data Reporting Service Providers (DRSPs) Investment firms Investment fund managers Issuers of Tokens Payment institutions/electronic money institutions/AISPs Pension fund

Topics: Cybersecurity Information and communications technology (ICT) Information security

Name	Description	Duration
cssf_cookies	Saves information regarding the user's consent to the use of cookies for each optional category.	1 year
ROUTEID	Technical cookie allowing load distribution.	Deleted when the browsing session ends
TBMCookie*	Security: This cookies protects the website against automated attacks.	Deleted when the browsing session ends
__utmvc	These first party cookies are set by a third party service to filter out malicious requests.	Deleted when the browsing session ends
__utmvm*	These first party cookies are set by a third party service to filter out malicious requests.	15 minutes

Name	Description	Duration
cssf_profile	This cookie adapts the website pages to the profile chosen by the visitor (professionals, markets, consumers).	1 year
pll_language	This cookie saves the user’s language choice.	1 year

Name	Description	Duration
_pk_id.#	Collects anonymous statistical data on the website consultations, such as the number of visits or the average time spent on the website. The data is processed in-house and is not shared with a third party.	1 year
_pk_ses.#	Collects anonymous statistical data for the tracking of the pages consulted during the browsing session. The data is processed in-house and is not shared with a third party.	30 minutes

Archives: Documents