Technology
Important Regulatory Update from the CSSF: Stay Informed and Supported
The Commission de Surveillance du Secteur Financier (CSSF) has issued two Circulars — CSSF 25/893 and CSSF 25/892 — that reinforce Luxembourg’s commitment to implementing the Digital Operational Resilience Act (DORA). These circulars provide a comprehensive regulatory framework for ICT-related incident classification and reporting, as well as for estimating the financial impact of such incidents.
Branches in Luxembourg of financial entities whose head office is based in another EU Member State (EU branches) are expected to report major ICT-related incidents, significant cyber threats and their estimations to the competent authority of their home Member State under DORA. As such, they are excluded from the scope of these circulars.