DORA consumes PSD2 major incident reporting


To reduce the administrative burden and potentially duplicative reporting obligations for certain financial entitiesas defined in Article 2, points (a) to (t), the requirement for the incident reporting pursuant to Directive (EU) 2015/2366 of the European Parliament and of the Council (12)Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35). should cease to apply to payment service providers that fall within the scope of this Regulation. Consequently, credit institutionsa credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013 of the European Parliament and of the Council, e-money institutions, payment institutionsa payment institution as defined in Article 4, point (4), of Directive (EU) 2015/2366 and account information service providersan account information service provider as referred to in Article 33(1) of Directive (EU) 2015/2366, as referred to in Article 33(1) of that Directive, should, from the date of application of this Regulation, report pursuant to this Regulation, all operational or security payment-related incidentsa single event or a series of linked events unplanned by the financial entities referred to in Article 2(1), points (a) to (d), whether ICT-related or not, that has an adverse impact on the availability, authenticity, integrity or confidentiality of payment-related data, or on the payment-related services provided by the financial entity which have been previously reported pursuant to that Directive, irrespective of whether such incidents are ICT-related.